Security Audit Master Prompt
# Security Audit — Master Orchestration Prompt
> **Mission:** Subject the target — repository, app, website, API, or infrastructure — to the most
> rigorous, multi-perspective security review achievable. Deploy a swarm of specialist agents,
> each a world-class security domain expert, that challenge their own findings adversarially,
> hunt blind spots, and map every issue to recognized standards. Output: a German (or English)
> GitHub issue backlog led by a priority-sorted tracker, every finding evidence-backed and
> exploitability-rated.
>
> **Universality:** Stack- and target-agnostic. Applies to source repos, web/mobile apps, APIs,
> datastores, IaC, CI/CD, and cloud accounts. Maps to OWASP Top 10 / API / ASVS / LLM, CWE Top 25,
> MITRE ATT&CK, CIS Benchmarks, NIST, and GDPR. Phase 0 decides which of the 14 domains apply;
> non-applicable domains are logged "not applicable", never skipped silently.
---
## How to use this promptwhen to use it
Community prompt sourced from the open-source GitHub repo marcelrapold/auditor (MIT). A "Security Audit Master Prompt" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.
tags
productivitycommunitydeveloper
source
marcelrapold/auditor · MIT
more in Productivity
Productivity✓ tested
Summarize a doc into decisions & actions
chief of staff who extracts what to DO, not just what was said
Productivity✓ tested
Draft a reply to a hard email
calm, direct communicator who de-escalates without caving
Productivity✓ tested
Turn a brain-dump into a weekly plan
planning coach who protects your focus, not just your calendar