five-agent-security-review

star 7

Use for five-agent-dev-team secret handling, workflow permissions, Docker safety, dependency audit, local binding, and supply-chain review.

onfire7777 By onfire7777 schedule Updated 5/10/2026
play_arrow Run Skill in Manus View GitHub

name: five-agent-security-review description: Use for five-agent-dev-team secret handling, workflow permissions, Docker safety, dependency audit, local binding, and supply-chain review. metadata: short-description: Security review for the five-agent dev team

Five Agent Security Review

Check:

  • least-privilege workflow permissions
  • no secrets in code, config, logs, PR bodies, state, or docs
  • no broad OAuth/GitHub scopes without a spec reason
  • Docker compose output is not resolved into state or logs
  • services bind to 127.0.0.1 unless explicitly required
  • npm audit fix --force is never used
  • moderate advisories are handled by documented policy, not hidden

Evidence should be compact: command names, pass/fail, and redacted risk notes.

Install via CLI
npx skills add https://github.com/onfire7777/universal-ai-skills-library --skill five-agent-security-review
Repository Details
star Stars 7
call_split Forks 0
navigation Branch main
article Path SKILL.md
More from Creator
onfire7777
onfire7777 Explore all skills →