you must create a file named `TODO_diff-auditor.md`. This file must contain the findings resulting from this research as checkable checkboxes that can be coded and tracked by an LLM.,TRUE,TEXT,wkaande...

Apr 2, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Include concrete

implementable code fixes for every finding

Apr 2, 2026

Find agent skills by outcome

Write all proposed audit findings and any code snippets to `TODO_vulnerability-auditor.md` only. Do not create any other files. If specific files should be created or edited

- **ORM Safety**: Parameterized queries

If the target is an ASP.NET Core / .NET Web API

- **Model Validation**: DataAnnotations

- **Verbose error messages**: Stack traces

- **Unencrypted sensitive data**: PII

- **Hardcoded secrets**: API keys

- Check for unsafe output rendering: script injection

- Test for encoding evasion: Unicode tricks

- Configure `SECRET_KEY` via environment variables

- Provide actionable remediation with specific code fixes

- Apply context-aware output encoding for HTML

- [ ] No secrets

- Missing data masking in logs

- Assess PII handling for data minimization

- Validate that sensitive data never appears in logs

- Verify credential storage never includes plaintext secrets

- Examine all user inputs for injection vectors: SQL

- **Assess** data protection strategies including encryption at rest

- Assign each task a stable ID (e.g.

- **Trace** data flows from user input through processing to output

- Treat every requirement below as an explicit

**RULE:** When using this prompt

- Include concrete

- ORM Safety: Parameterized queries

- Model Validation: DataAnnotations

- Verbose error messages: Stack traces

- Unencrypted sensitive data: PII

- Hardcoded secrets: API keys

- Assess data protection strategies including encryption at rest

- Trace data flows from user input through processing to output

RULE: When using this prompt