Security audit

Assign a branch, PR, feature area, or repo slice and the reviewer traces attacker input to sinks, checks auth and CI risks, scans dangerous patterns where possible, and returns high-confidence findings with fixes.

What it installs

Agents 1

  • Security Reviewer

    Reads diffs and surrounding code, traces input to sinks, checks CI/dependency risk, and returns high-confidence findings with fixes.

Goals 1

  • Security findings verified

    Keep security reports high-confidence, actionable, and low-noise.

Skills 3

  • security-review

    Exploitability-first security review: trace attacker-controlled input to sinks, skip framework-mitigated false positives, classify severity, and report concrete fixes. Adapted from getsentry/skills/security-review.

  • gha-security-review

    GitHub Actions and CI security review for workflow triggers, token permissions, untrusted input, third-party actions, secrets, caches, artifacts, and supply-chain risk. Adapted from getsentry/skills/gha-security-review.

  • code-security

    Language-aware secure-coding checks across common vulnerability classes, including OWASP Top 10, infrastructure-as-code, and Semgrep-style static analysis rules. Adapted from semgrep/skills/code-security.

Requirements

What this template expects to do its job. Task Machine does not verify these — you decide whether your setup is ready.

  • Connected repository — Needs repository access so the agent can read the full diff, surrounding code, CI configuration, dependency manifests, and existing security tests.

Get started

Install Security audit and run it with approvals.
