Skip to content

Add Security Code Review Agent skill#52

Merged
santosomar merged 1 commit into
mainfrom
add-security-review-skill
Apr 15, 2026
Merged

Add Security Code Review Agent skill#52
santosomar merged 1 commit into
mainfrom
add-security-review-skill

Conversation

@shrey-bagga

@shrey-bagga shrey-bagga commented Apr 13, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Adds a new Security Code Review Agent skill under skills/security-review/
  • Includes SKILL.md (agent skill definition) and Security_Code_Reviewer_Guidelines.md (comprehensive review methodology and workflow)
  • The skill enables AI coding agents to perform structured security code reviews using Project CodeGuard rules (core + OWASP)
  • All rules are referenced from the existing sources/core/ and sources/owasp/ directories in this repository

Files Added

File Description
skills/security-review/SKILL.md Skill definition with inputs, workflow, and output format
skills/security-review/Security_Code_Reviewer_Guidelines.md Detailed review guidelines covering vulnerability categories, severity classification, token budgeting, and report structure

How It Works

  1. The agent loads security rules from Project CodeGuard (sources/core/ mandatory, sources/owasp/ based on detected tech stack)
  2. It performs a multi-pass review of the target repository following the methodology in the guidelines
  3. It produces a structured markdown security report with findings, severity ratings, and remediation guidance

Test Plan

  • Verify skill loads correctly with compatible AI coding agents
  • Confirm rule references to sources/core/ and sources/owasp/ resolve properly
  • Run a security review against a sample repository to validate end-to-end workflow
  • Review output report format matches the specification in the guidelines

Co-authored with Cursor

Adds a new skill under skills/security-review/ that provides a
comprehensive, AI-agent-driven security code review workflow.

The skill leverages Project CodeGuard's core and OWASP rules to
perform structured security assessments of entire repositories,
producing detailed markdown reports with findings, severity
assessments, and remediation guidance.

Includes:
- SKILL.md: Skill definition with inputs, workflow, and report format
- Security_Code_Reviewer_Guidelines.md: Full review methodology
  covering rule loading, file discovery, risk categorization,
  vulnerability categories, and report structure

Closes #50

Made-with: Cursor

@santosomar santosomar left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much for contributing this Shrey!

@santosomar santosomar merged commit ea19ed6 into main Apr 15, 2026
4 checks passed
@santosomar santosomar deleted the add-security-review-skill branch April 15, 2026 01:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants