security-pr-checklist-skill
Security PR Checklist Skill
Standardized security review for pull requests.
PR Security Checklist
Security Review Checklist
Authentication & Authorization
- No hardcoded credentials
- Authorization checks on all endpoints
- Session management secure
- Rate limiting on auth endpoints
Input Validation
- All inputs validated
- Output properly encoded
- No SQL injection risks
- No XSS vulnerabilities
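The two injection items above are easiest to review when the vulnerable and hardened forms sit side by side. The following is an added example written for this page, not code from the skill itself; the table, rows and payloads are constructed for the demo, and the function names are hypothetical. The first pair shows a SQL query built by string interpolation next to the parameterized version; the second shows user input placed into HTML unencoded next to the encoded version.

```python
import html
import sqlite3


def build_db():
    """Constructed in-memory sample data for the demo (not real users)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn, username):
    """Deliberately vulnerable: the input becomes part of the SQL text."""
    query = f"SELECT name, role FROM users WHERE name = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Hardened: the driver binds the value; the SQL text never changes."""
    query = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(query, (username,)).fetchall()


def render_greeting_unsafe(name):
    """Deliberately vulnerable: user input lands in HTML unencoded."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name):
    """Hardened: encode for the HTML text context before interpolating."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


if __name__ == "__main__":
    db = build_db()
    payload = "' OR '1'='1"  # classic tautology: turns the WHERE clause true for every row
    print("unsafe:", find_user_unsafe(db, payload))
    print("safe:  ", find_user_safe(db, payload))
    xss = "<script>alert(1)</script>"
    print(render_greeting_unsafe(xss))
    print(render_greeting_safe(xss))
```

When reviewing a PR, grep for f-strings, `%` formatting or `+` concatenation that feed `execute()` or a template; the fix is always the parameterized form, not escaping the input.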
Data Protection
- Sensitive data encrypted at rest
- HTTPS enforced
- No PII in logs
- Secure cookie configuration
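"Secure cookie configuration" is concrete enough to check mechanically from a response. The following is an added example for this page, not part of the skill; the response headers are constructed, and the function names are hypothetical. It parses each Set-Cookie header and reports missing Secure, HttpOnly and SameSite attributes, the SameSite=None-without-Secure combination, and the Path and Domain rules that the `__Host-` prefix imposes.

```python
def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attribute_lower: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_set_cookie(header):
    """Return a list of findings for one Set-Cookie value; empty means it passes."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie will also be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by script, so XSS can steal it")
    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        findings.append("missing SameSite: set it explicitly instead of relying on the browser default")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure")
    if name.startswith("__Host-"):
        # Browsers reject __Host- cookies that set Domain or use a Path other than /
        if "domain" in attrs:
            findings.append("__Host- cookie must not set Domain")
        if attrs.get("path") != "/":
            findings.append("__Host- cookie must set Path=/")
    return findings


def audit_response(header_lines):
    """Audit every Set-Cookie header in a list of raw response header lines."""
    report = {}
    for line in header_lines:
        key, _, value = line.partition(":")
        if key.strip().lower() != "set-cookie":
            continue
        name, _v, _a = parse_set_cookie(value.strip())
        report[name] = audit_set_cookie(value.strip())
    return report


# Constructed sample response for the demo: one weak cookie, one correct one.
SAMPLE_RESPONSE_HEADERS = [
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Set-Cookie: sessionid=abc123; Path=/",
    "Set-Cookie: __Host-csrf=tok; Path=/; Secure; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for cookie, problems in audit_response(SAMPLE_RESPONSE_HEADERS).items():
        print(cookie, "->", problems or "ok")
```

Run it against the headers a test client captures from the PR's branch; a session cookie that reports anything other than an empty list fails the item.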
Dependencies
- No new high/critical vulnerabilities
- Dependencies up to date
- No suspicious packages
Secrets Management
- No secrets in code
- Environment variables used
- .env files in .gitignore
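"No hardcoded credentials", "No secrets in code" and ".env files in .gitignore" are the items most worth automating, and the Output Checklist below asks for exactly that kind of CI check. The following is an added example for this page, not code from the skill; the unified diff, the .gitignore text and the credential values in it are constructed (the AWS key is the documented AKIAIOSFODNN7EXAMPLE placeholder), the rule set is deliberately small, and the function names are hypothetical. It scans only the lines a PR adds, tracks new-file line numbers from the hunk headers, flags a committed .env file, and checks that .gitignore covers .env.

```python
import os
import re
from fnmatch import fnmatch

# Illustrative rule set for the demo; a real CI job would use a dedicated
# secret scanner with a far larger set of patterns.
SECRET_RULES = {
    "aws_access_key_id": re.compile(r"AKIA[0-9A-Z]{16}"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    # name that smells like a credential, assigned a quoted literal or a long bare token
    "hardcoded_credential": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\w*\s*[=:]\s*"
        r"(['\"][^'\"]{8,}['\"]|[A-Za-z0-9_\-]{16,}$)"
    ),
}


def scan_diff(diff_text):
    """Scan only the lines a PR adds; return findings as dicts."""
    findings = []
    current_file = None
    new_line = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            current_file = raw[4:]
            if current_file.startswith("b/"):
                current_file = current_file[2:]
            base = os.path.basename(current_file)
            if base == ".env" or base.startswith(".env."):
                findings.append({"file": current_file, "line": 0,
                                 "rule": "env_file_committed", "text": ""})
            continue
        if raw.startswith("@@"):
            # "@@ -a,b +c,d @@": c is the first line number in the new file
            m = re.search(r"\+(\d+)", raw)
            new_line = int(m.group(1)) if m else 0
            continue
        if raw.startswith("-") or current_file is None:
            continue  # removed lines and the '---' header never count
        if raw.startswith("+"):
            text = raw[1:]
            for rule, pattern in SECRET_RULES.items():
                if pattern.search(text):
                    findings.append({"file": current_file, "line": new_line,
                                     "rule": rule, "text": text})
        new_line += 1  # context and added lines both advance the new-file line number
    return findings


def env_is_ignored(gitignore_text, path=".env"):
    """True if some .gitignore pattern matches path (simplified gitignore semantics)."""
    for line in gitignore_text.splitlines():
        pattern = line.strip()
        if not pattern or pattern.startswith("#") or pattern.startswith("!"):
            continue
        pattern = pattern.lstrip("/").rstrip("/")
        if fnmatch(path, pattern) or fnmatch(os.path.basename(path), pattern):
            return True
    return False


def check_pr(diff_text, gitignore_text):
    """Combine both checks into one pass/fail result for a CI step."""
    findings = scan_diff(diff_text)
    env_ignored = env_is_ignored(gitignore_text)
    return {"findings": findings, "env_ignored": env_ignored,
            "passed": not findings and env_ignored}


# Constructed diff for the demo: a config file that hardcodes credentials and a committed .env.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,5 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "hunter2hunter2"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
 DEBUG = False
diff --git a/.env b/.env
new file mode 100644
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+API_TOKEN=sk-test-not-a-real-token
"""

if __name__ == "__main__":
    result = check_pr(SAMPLE_DIFF, "__pycache__/\n.env\n")
    for f in result["findings"]:
        print(f"{f['file']}:{f['line']} {f['rule']} {f['text']}")
    print("env ignored:", result["env_ignored"], "| passed:", result["passed"])
```

In CI, feed it `git diff base...HEAD` and the repository's .gitignore and fail the job when `passed` is false; the line numbers let the job annotate the PR at the offending lines.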
Error Handling
- No sensitive info in errors
- Generic error messages
- Proper logging
Output Checklist
- PR template created
- Required security checks
- Common pitfalls documented
- Automated checks in CI
- Review guidelines