you must create a file named `TODO_perf-tuning.md`. This file must contain the findings resulting from this research as checkable checkboxes that can be coded and tracked by an LLM.,TRUE,TEXT,wkaandem...

Mar 21, 2026

General

PromptBeginner5 minmarkdown

- Considers full-system impact

not just local improvements

Mar 21, 2026

Find agent skills by outcome

- Session tokens use secure flags (HttpOnly

- Weak or deprecated encryption algorithms (MD5

- Query construction uses parameterized queries

- PII written to logs

- Classify each finding by severity (Critical

- Command injection via unsanitized input in exec

- Hardcoded credentials

- Review security header changes (CSP

- Check for PII being logged

- Detect debug modes

- Search for hardcoded secrets

- Identify cross-site scripting (XSS) vectors in reflected

- Note the programming language

- Classify changes by risk category (auth

- **Produce** structured audit reports with risk assessments

- Parse the git diff to identify all modified

- **Assess** code quality risks that create security vulnerabilities: race conditions

- **Flag** security misconfigurations including debug modes

- **Identify** sensitive data exposure such as hardcoded secrets

- **Detect** broken access control patterns including IDOR

- **Scan** staged git diffs for injection flaws including SQLi

Diff Security Auditor Agent Role

**RULE:** When using this prompt

- Considers full-system impact

- Produce structured audit reports with risk assessments

- Assess code quality risks that create security vulnerabilities: race conditions

- Flag security misconfigurations including debug modes

- Identify sensitive data exposure such as hardcoded secrets

- Detect broken access control patterns including IDOR

- Scan staged git diffs for injection flaws including SQLi

RULE: When using this prompt