1 files changed, 48 insertions, 0 deletions
diff --git a/security-check/SKILL.md b/security-check/SKILL.md
new file mode 100644
index 0000000..ca431e0
--- /dev/null
+++ b/security-check/SKILL.md
@@ -0,0 +1,48 @@
+# /security-check — Audit Changes for Security Issues
+
+Scan staged or recent changes for secrets, OWASP vulnerabilities, and dependency risks.
+
+## Usage
+
+```
+/security-check [FILE_OR_DIRECTORY]
+```
+
+If no argument is given, audit all staged changes (`git diff --cached`). If there are no staged changes, audit the diff from the last commit.
+
+## Instructions
+
+1. **Gather the changes** to audit:
+   - Staged changes: `git diff --cached`
+   - Or last commit: `git diff HEAD~1`
+   - Or specific path if provided
+
+2. **Check for hardcoded secrets** — scan for patterns:
+   - AWS access keys (`AKIA...`)
+   - Generic secret patterns (`sk-`, `sk_live_`, `sk_test_`)
+   - Password assignments (`password=`, `passwd=`, `secret=`)
+   - Private keys (`-----BEGIN.*PRIVATE KEY-----`)
+   - `.env` file contents committed by mistake
+   - API tokens, JWTs, or bearer tokens in source code
+
+3. **OWASP Top 10 review**:
+   - SQL injection: string concatenation in queries
+   - XSS: unsanitized user input rendered in HTML/JSX
+   - Broken authentication: missing permission checks on endpoints
+   - Insecure deserialization: unsafe deserialization of untrusted data (e.g., eval, exec)
+   - Security misconfiguration: debug mode enabled in production settings
+   - Sensitive data exposure: PII or tokens in log statements
+
+4. **Dependency audit**:
+   - Run `pip-audit` if Python files changed
+   - Run `npm audit` if JavaScript/TypeScript files changed
+   - Flag any new dependencies added without version pinning
+
+5. **Report findings** in a table:
+
+   | Severity | File:Line | Finding | Recommendation |
+   |----------|-----------|---------|----------------|
+
+   Severity levels: CRITICAL, HIGH, MEDIUM, LOW, INFO
+
+6. If no issues found, report "No security issues detected" with a summary of what was checked.