Name: Security Audit
Author: Netresearch DTT GmbH

Install

Pick whichever fits your project — they all reach the same skill.

/plugin install security-audit@netresearch-claude-code-marketplace

npx any Agent Skills CLI
```
npx skills add https://github.com/netresearch/security-audit-skill --skill security-audit
```
Universal Agent Skills CLI from skills.sh — works across Claude Code, Cursor, GitHub Copilot, Codex, Gemini CLI and 30+ more agents.
composer require PHP project, as a package
```
composer require netresearch/security-audit-skill
```
Requires netresearch/composer-agent-skill-plugin — resolves Agent Skills as Composer dependencies in PHP projects, auto-discovers skills, generates AGENTS.md.
composer skills:add PHP project, direct source
```
composer skills:add github:netresearch/security-audit-skill
```
Provided by netresearch/composer-agent-skill-plugin — pins skill repos directly without going through Packagist, locks them in composer.skills.lock.

What you can do with it

Vulnerability Assessment: XXE injection, SQL injection, XSS, CSRF, command injection, path traversal, file upload vulnerabilities, insecure deserialization, SSRF, type juggling, SSTI, JWT flaws, LDAP injection, email header injection, session fixation
Risk Scoring: CVSS v3.1 and v4.0 scoring methodology, risk matrix assessment, impact and likelihood analysis, prioritization frameworks
Secure Coding: Input validation, output encoding, cryptographic best practices (sodium), session management, authentication patterns, security headers
Standards Compliance: OWASP Top 10, CWE Top 25 (2025), OWASP ASVS v4.0, Proactive Controls — applicable to any project
PHP/TYPO3 Deep Scanning: 80+ automated checkpoints, PHP 8.x security features, framework patterns (TYPO3, Symfony, Laravel)
DevSecOps: CI/CD security pipeline, SAST, dependency scanning, supply chain security, SLSA