fix-review
Verify Fix Commits Address Audit Findings
Security fixes require careful validation to ensure they resolve issues without introducing new bugs. This skill reviews fix commits against audit findings to confirm proper remediation.
スキルZIPをダウンロード
Claudeでアップロード
設定 → 機能 → スキル → スキルをアップロードへ移動
オンにして利用開始
テストする
「fix-review」を使用しています。 Review commit abc123 fixing SQL injection in user search endpoint
期待される結果:
Fix verified: Parameterized queries replace string concatenation. Test coverage added for injection attempts. No similar patterns found in adjacent query functions.
「fix-review」を使用しています。 Validate fixes for XSS findings in dashboard components
期待される結果:
3 of 5 findings resolved. Components A and B properly escape output. Components C, D, E still vulnerable - fix incomplete. Recommend blocking merge until all instances addressed.
セキュリティ監査
安全All static analysis findings are false positives. The detected URLs are documentation references in markdown, not executable network code. The weak crypto warning on line 3 is incorrect - that line contains only a description string. This skill is documentation-only with no executable code, presenting no security risk.
品質スコア
作れるもの
Security Team Lead
Review developer commits that claim to fix penetration test findings before merging to main branch
Compliance Officer
Validate that audit findings from external assessors have been properly addressed before compliance sign-off
Development Team
Self-review fix commits before submitting for security team approval to reduce iteration cycles
これらのプロンプトを試す
Review commit {commit_hash} and verify it addresses audit finding {finding_id}. Check that the fix resolves the root cause and does not introduce new issues.Analyze all commits in branch {branch_name} created to address security audit report {report_id}. For each finding, verify the fix is complete, test coverage exists, and no similar vulnerabilities remain in the codebase.Compare the code changes in {diff_or_commit} against the original vulnerability description. Identify any potential regressions, side effects, or new attack vectors the fix might introduce.The audit found {vulnerability_type} vulnerabilities at these locations: {locations}. Review commit {commit_hash} and identify if the same pattern exists elsewhere in the codebase that was missed.ベストプラクティス
- Always compare fixes against the original audit finding description to ensure complete resolution
- Verify that test cases specifically cover the attack scenario that was fixed
- Search the codebase for similar patterns that may require the same fix
回避
- Accepting fixes that only address symptoms without fixing root causes
- Merging partial fixes that leave similar vulnerabilities in other locations
- Skipping regression testing after security fixes are applied
よくある質問
What information do I need to provide for a fix review?
Can this skill verify that a fix actually works?
How do I know if a fix introduces new vulnerabilities?
What if the fix only partially addresses a finding?
Can this skill find similar vulnerabilities elsewhere in the codebase?
Is this skill suitable for compliance documentation?
開発者の詳細
作成者
sickn33ライセンス
MIT
リポジトリ
https://github.com/sickn33/antigravity-awesome-skills/tree/main/web-app/public/skills/fix-review参照
main
ファイル構成
📄 SKILL.md