Security Hardening Pack

AI-generated code often takes the happy path. These four prompts check the security surface from multiple angles — OWASP vulnerabilities, supply chain risks in dependencies, type coercion issues that create attack vectors, and API contracts that can be abused.

Run this pack on any PR that touches authentication, authorization, data handling, or external APIs.

Step 1 | v1.0

Security Review

OWASP-aligned security audit of AI-generated code covering injection, auth bypass, secrets exposure, XSS, CSRF, and insecure dependencies.

Step 2 | v1.0

Dependency Risk Audit

Audits proposed changes for dependency risks including new packages, version conflicts, license issues, and supply chain concerns.

Step 3 | v1.0

Type Safety Audit

Finds type coercion bugs, any-type escapes, unsafe casts, missing null checks, and weak type boundaries in AI-generated code across TypeScript, Python, Java, and more.

Step 4 | v1.0

API Response Validator

Validates that API responses match their declared contracts, schemas, and types — catching shape mismatches, missing fields, wrong status codes, and undocumented error formats.