Skip to content

feat: add security red-team audit workflow#1

Merged
bglglzd merged 2 commits into
mainfrom
agent/security-red-team-workflow
Jul 14, 2026
Merged

feat: add security red-team audit workflow#1
bglglzd merged 2 commits into
mainfrom
agent/security-red-team-workflow

Conversation

@bglglzd

@bglglzd bglglzd commented Jul 14, 2026

Copy link
Copy Markdown
Owner

What changed

  • Added a tool-neutral Security Red-Team Audit & Remediation prompt.
  • Added the matching Codex skill and plugin starter prompt.
  • Covered authorized threat modeling, source review, safe dynamic checks, Burp Suite boundaries, rate limits, remediation, regression tests, and security reporting.

Safety model

The workflow defaults to source-only/passive review when authorization is unclear. Active testing is restricted to explicitly approved local or staging scope, supplied test accounts, and a hard request budget. It prohibits destructive testing, credential attacks, data exfiltration, and unapproved targets.

Validation

  • python scripts/validate_skills.py
  • Official skill validator for all four skills
  • Plugin manifest validator
  • Prompt/skill parity check
  • git diff --check

@bglglzd bglglzd marked this pull request as ready for review July 14, 2026 07:52
@bglglzd bglglzd merged commit 0ef1476 into main Jul 14, 2026
1 check passed
@bglglzd bglglzd deleted the agent/security-red-team-workflow branch July 14, 2026 07:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant