secaudit
Systematically audits security for OWASP Top 10, compliance, and threat modeling. Guides investigation with expert validation.
Instructions
Performs comprehensive security audit with systematic vulnerability assessment. Use for OWASP Top 10 analysis, compliance evaluation, threat modeling, and security architecture review. Guides through structured security investigation with expert validation.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| step | Yes | Step 1: outline the audit strategy (OWASP Top 10, auth, validation, etc.). Later steps: report findings. MANDATORY: use `relevant_files` for code references and avoid large snippets. | |
| model | Yes | Currently in auto model selection mode. CRITICAL: When the user names a model, you MUST use that exact name unless the server rejects it. If no model is provided, you may use the `listmodels` tool to review options and select an appropriate match. Top models: gemini-2.5-pro (score 100, 1.0M ctx, thinking, code-gen); gemini-3-pro-preview (score 100, 1.0M ctx, thinking, code-gen); gemini-2.5-flash (score 61, 1.0M ctx, thinking); gemini-2.0-flash (score 56, 1.0M ctx, thinking); gemini-2.0-flash-lite (score 42, 1.0M ctx). | |
| images | No | Optional absolute paths to diagrams or threat models that inform the audit. | |
| findings | Yes | Summarize vulnerabilities, auth issues, validation gaps, compliance notes, and positives; update prior findings as needed. | |
| confidence | No | exploring/low/medium/high/very_high/almost_certain/certain. 'certain' blocks external validation—use only when fully complete. | |
| hypothesis | No | Current theory about issue/goal based on work | |
| audit_focus | No | Primary focus area: owasp, compliance, infrastructure, dependencies, or comprehensive. | comprehensive |
| step_number | Yes | Current security-audit step number (starts at 1). | |
| temperature | No | 0 = deterministic · 1 = creative. | |
| total_steps | Yes | Expected number of audit steps; adjust as new risks surface. | |
| issues_found | No | Security issues with severity (critical/high/medium/low) and descriptions (vulns, auth flaws, injection, crypto, config). | |
| threat_level | No | Assess the threat level: low (internal/low-risk), medium (customer-facing/business data), high (regulated or sensitive), critical (financial/healthcare/PII). | medium |
| files_checked | No | Absolute paths for every file inspected, including rejected candidates. | |
| thinking_mode | No | Reasoning depth: minimal, low, medium, high, or max. | |
| relevant_files | No | Absolute paths for security-relevant files (auth modules, configs, sensitive code). | |
| security_scope | No | Security context (web, mobile, API, cloud, etc.) including stack, user types, data sensitivity, and threat landscape. | |
| continuation_id | No | Unique thread continuation ID for multi-turn conversations. Works across different tools. ALWAYS reuse the last continuation_id you were given—this preserves full conversation context, files, and findings so the agent can resume seamlessly. | |
| severity_filter | No | Minimum severity to include when reporting security issues. | all |
| relevant_context | No | Methods/functions identified as involved in the issue | |
| next_step_required | Yes | True while additional threat analysis remains; set False once you are ready to hand off for validation. | |
| use_assistant_model | No | Use assistant model for expert analysis after workflow steps. False skips expert analysis, relies solely on your personal investigation. Defaults to True for comprehensive validation. | |
| compliance_requirements | No | Applicable compliance frameworks or standards (SOC2, PCI DSS, HIPAA, GDPR, ISO 27001, NIST, etc.). |