gh-nehoraihadad-agent-maest…/skills/maestro-delegation-advisor/examples/security-audit.md
2025-11-30 08:42:32 +08:00

# Example: Security Audit
## User Request
"Review our authentication system for security vulnerabilities and suggest improvements"
## Task Analysis
```typescript
{
complexity: 'high',
requiresWeb: false,
requiresSpeed: false,
requiresContext: true,
securityCritical: true,
costSensitive: false,
canParallelize: false,
hasDependencies: false
}
```
## Decision Process
### Why Claude?
- **Security expertise:** 92/100 capability score
- **Performance advantage:** 44% faster, 25% more accurate on security tasks
- **Context requirements:** Needs deep understanding of codebase (1M token window)
- **Confidence:** 0.95
### Why not Codex?
- Security is not Codex's primary strength (60/100)
- Quick fixes ≠ thorough security analysis
### Why not Gemini?
- Doesn't require web research
- Security audits need deep technical analysis, not content generation
## Delegation Output
```
I'll delegate this security analysis to Claude, who specializes in security audits:
[[DELEGATE:claude]]
Perform a comprehensive security audit of our authentication system:

1. **Code Review:**
   - Analyze authentication flow in src/auth/
   - Review session management in src/middleware/session.ts
   - Check password hashing implementation
   - Examine token generation and validation
2. **Common Vulnerabilities:**
   - SQL injection risks
   - XSS vulnerabilities
   - CSRF protection
   - Session fixation issues
   - Timing attacks on password comparison
3. **Best Practices Check:**
   - Password strength requirements
   - Account lockout mechanisms
   - Rate limiting on auth endpoints
   - Secure cookie configuration
   - HTTPS enforcement
4. **Deliverables:**
   - List of vulnerabilities with severity levels (Critical/High/Medium/Low)
   - Specific code locations for each issue
   - Detailed recommendations with code examples
   - Priority order for fixes

[[/DELEGATE]]
```
## Expected Result
Claude will provide:
- Detailed security report with prioritized vulnerabilities
- Specific file locations and line numbers
- Code examples showing both vulnerable and fixed versions
- Compliance recommendations (OWASP, NIST, etc.)
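The kind of vulnerable/fixed pair the deliverables above ask for, written here as an added example that is not part of this skill's files or of any audited codebase. It covers the "timing attacks on password comparison" and "password hashing" items, and assumes a Node.js service with a constructed `scrypt$<salt hex>$<key hex>` credential record format.

```typescript
import { scryptSync, randomBytes, timingSafeEqual } from "node:crypto";

// Constructed record format used only for this example: "scrypt$<salt hex>$<key hex>".
const KEY_LEN = 32;
const SCRYPT_OPTS = { N: 16384, r: 8, p: 1 };

// Derive a stored credential record; salt is random unless a fixed one is supplied for tests.
export function hashPassword(password: string, salt: Buffer = randomBytes(16)): string {
  const key = scryptSync(password, salt, KEY_LEN, SCRYPT_OPTS);
  return `scrypt$${salt.toString("hex")}$${key.toString("hex")}`;
}

// Parse a record, rejecting anything malformed so comparisons below only see well-formed keys.
function parseRecord(record: string): { salt: Buffer; key: Buffer } | null {
  const [tag, saltHex, keyHex] = record.split("$");
  if (tag !== "scrypt" || !saltHex || !keyHex) return null;
  const salt = Buffer.from(saltHex, "hex");
  const key = Buffer.from(keyHex, "hex");
  if (salt.length === 0 || key.length !== KEY_LEN) return null;
  return { salt, key };
}

// Vulnerable version (what the audit would flag): string equality returns at the first
// differing character, so the time taken leaks how much of the stored key matched.
export function verifyPasswordVulnerable(record: string, candidate: string): boolean {
  const parsed = parseRecord(record);
  if (!parsed) return false;
  const key = scryptSync(candidate, parsed.salt, KEY_LEN, SCRYPT_OPTS);
  return key.toString("hex") === parsed.key.toString("hex");
}

// Fixed version: constant-time comparison of the derived key against the stored key.
// timingSafeEqual throws on unequal lengths, which is why parseRecord enforces KEY_LEN first.
export function verifyPassword(record: string, candidate: string): boolean {
  const parsed = parseRecord(record);
  if (!parsed) return false;
  const key = scryptSync(candidate, parsed.salt, KEY_LEN, SCRYPT_OPTS);
  return timingSafeEqual(key, parsed.key);
}
```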
## Follow-up Actions
After receiving the audit results:
1. Review findings with team
2. Prioritize fixes based on severity
3. Optionally delegate implementation to Codex:
```
[[DELEGATE:codex]]
Implement the high-priority security fixes identified in the audit:
[paste specific recommendations]
[[/DELEGATE]]
```