you must create a file named `TODO_diff-auditor.md`. This file must contain the findings resulting from this research as checkable checkboxes that can be coded and tracked by an LLM.,TRUE,TEXT,wkaande...

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Include concrete

implementable code fixes for every finding

Mar 20, 2026

General

PromptBeginner5 minmarkdown

Use checkboxes and stable IDs (e.g.

`SDA-ITEM-1.1`):

Mar 20, 2026

General

PromptBeginner5 minmarkdown

Before finalizing

verify:

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- [ ] Each finding includes severity

location

Mar 20, 2026

General

PromptBeginner5 minmarkdown

Use checkboxes and stable IDs (e.g.

`SDA-PLAN-1.1`):

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Programming language

framework

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Repository

branch

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

Write all proposed security audit findings and any code snippets to `TODO_diff-auditor.md` only. Do not create any other files. If specific files should be created or edited

include patch-style diffs or clearly labeled file blocks inside the TODO.

Mar 20, 2026

General

PromptBeginner5 minmarkdown

In `TODO_diff-auditor.md`

include:

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Debug mode in production paths: Development flags

verbose logging

Mar 20, 2026

Data

PromptBeginner5 minmarkdown

- Dynamic query construction: String concatenation used to build SQL

LDAP

Mar 20, 2026

Data

PromptBeginner5 minmarkdown

- Verbose error responses: Stack traces

SQL queries

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Hardcoded secrets: API keys

passwords

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Validate that SECRET_KEY comes from environment variables

not source code

Mar 20, 2026

Data

PromptBeginner5 minmarkdown

- Verify raw SQL queries use parameterized statements

not f-strings

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Check for eval()

Function()

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Assess the blast radius of each vulnerability (single user

all users

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Evaluate whether changes affect authentication

authorization

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Check for base64-encoded secrets

environment variable values

Mar 20, 2026

Find agent skills by outcome

Vulnerability Auditor Agent Role

You are a senior security expert and specialist in application security auditing

- Treat every requirement below as an explicit

- Maintain high signal density with actionable intelligence

**RULE:** When using this prompt

- Include concrete

Use checkboxes and stable IDs (e.g.

Before finalizing

- [ ] Each finding includes severity

Use checkboxes and stable IDs (e.g.

- Programming language

- Repository

Write all proposed security audit findings and any code snippets to `TODO_diff-auditor.md` only. Do not create any other files. If specific files should be created or edited

In `TODO_diff-auditor.md`

- **Debug mode in production paths**: Development flags

- **Dynamic query construction**: String concatenation used to build SQL

- **Verbose error responses**: Stack traces

- **Hardcoded secrets**: API keys

- Validate that SECRET_KEY comes from environment variables

- Verify raw SQL queries use parameterized statements

- Check for eval()

- Assess the blast radius of each vulnerability (single user

- Evaluate whether changes affect authentication

- Check for base64-encoded secrets

RULE: When using this prompt

- Debug mode in production paths: Development flags

- Dynamic query construction: String concatenation used to build SQL

- Verbose error responses: Stack traces

- Hardcoded secrets: API keys