← Registry
Skill Official

Security Audit Skill

A coding-agent skill that turns your agent into a security auditor, orchestrating parallel agents through a six-phase pipeline to find exploitable vulnerabilities with independently verified, machine-readable findings.

Install

via Positronick CLI

$positronick skill install cloudflare-security-audit-skill --run

Official

$npx skills add https://github.com/cloudflare/security-audit-skill --skill security-audit

The skill that seeded Cloudflare's vulnerability-discovery harness. It runs a structured, six-phase audit: recon (map architecture, trust boundaries, and input surfaces), hunt (parallel agents attack from angles like injection, access control, business logic, and crypto), validate (separate agents try to disprove each finding to kill false positives), report (human-readable REPORT.md plus detailed traces), structured output (schema-validated findings.json), and independent verification (fresh agents re-check every factual claim against the source). Runs are additive — each pass reads prior findings to skip known issues and target gaps. Works with any Skills-CLI-compatible coding agent.