Security Review Workflow FAQs

Question 1

Can I use this for PII and compliance checks?

Accepted Answer

Yes, it specifically includes a privacy-focused agent that reviews PII handling, data minimization, and compliance-related data patterns.

Question 2

What specific security areas does this skill cover?

Accepted Answer

It reviews five core areas: general vulnerabilities, PII/privacy compliance, infrastructure security (IAM/secrets), data integrity (concurrency/failures), and supply chain risks (dependencies/lockfiles).

Question 3

How does the parallel execution work?

Accepted Answer

The skill spawns five separate Task agents that run specialized security commands simultaneously, allowing for a comprehensive audit without the wait time of sequential processing.

Question 4

How are findings tracked after the review?

Accepted Answer

All findings (except minor 'nits') are automatically converted into pending markdown files in your project's .claude/todos/ folder, complete with priority levels and remediation steps.

Question 5

What is the output format of the review?

Accepted Answer

The skill produces a unified report sorted by severity (Blocker to Low), followed by a summary of the todos created and a prompt to run /triage for further action.

Security Review Workflow

Key Features

Use Cases

Security Review Workflow

Key Features

Use Cases