SKILL.md
$27
Scoring Criteria (1-5):
- 1 (Critical): Unauthorized data access (leaks), privilege escalation, or total validation bypass.
- 2 (Major): Broken business logic, self-assigned roles, bypass of controls.
- 3 (Moderate): PII exposure (e.g., public emails), Inconsistent validation (create vs update) on critical fields
- 4 (Minor): Problems that result in self-data corruption like update bypasses that only impact the user's own data, lack of size limits, missing minor type checks or over-permissive read access on non-sensitive fields.
- 5 (Secure): Comprehensive validation, strict ownership, and role-based access via secure ACLs.
Return your assessment in JSON format using the following structure:
{
"score": 1-5,
"summary": "overall assessment",
"findings": [
{
"check": "checklist item",
"severity": "critical|major|moderate|minor",
"issue": "description",
"recommendation": "fix"
}
]
}