feat: add security-review skill for AI-powered codebase vulnerability scanning (#1211)

* feat: add security-review skill for AI-powered codebase vulnerability scanning

* chore: regenerate README tables

* fix: address Copilot review comments on reference files

Author: Mrigank005

docs/README.skills.md

@@ -241,6 +241,7 @@ See [CONTRIBUTING.md](../CONTRIBUTING.md#adding-skills) for guidelines on how to
 | [scaffolding-oracle-to-postgres-migration-test-project](../skills/scaffolding-oracle-to-postgres-migration-test-project/SKILL.md) | Scaffolds an xUnit integration test project for validating Oracle-to-PostgreSQL database migration behavior in .NET solutions. Creates the test project, transaction-rollback base class, and seed data manager. Use when setting up test infrastructure before writing migration integration tests, or when a test project is needed for Oracle-to-PostgreSQL validation. | None |
 | [scoutqa-test](../skills/scoutqa-test/SKILL.md) | This skill should be used when the user asks to "test this website", "run exploratory testing", "check for accessibility issues", "verify the login flow works", "find bugs on this page", or requests automated QA testing. Triggers on web application testing scenarios including smoke tests, accessibility audits, e-commerce flows, and user flow validation using ScoutQA CLI. Use this skill proactively after implementing web application features to verify they work correctly. | None |
 | [secret-scanning](../skills/secret-scanning/SKILL.md) | Guide for configuring and managing GitHub secret scanning, push protection, custom patterns, and secret alert remediation. For pre-commit secret scanning in AI coding agents via the GitHub MCP Server, this skill references the Advanced Security plugin (`advanced-security@copilot-plugins`). Use this skill when enabling secret scanning, setting up push protection, defining custom patterns, triaging alerts, resolving blocked pushes, or when an agent needs to scan code for secrets before committing. | `references/alerts-and-remediation.md`<br />`references/custom-patterns.md`<br />`references/push-protection.md` |
+| [security-review](../skills/security-review/SKILL.md) | AI-powered codebase security scanner that reasons about code like a security researcher — tracing data flows, understanding component interactions, and catching vulnerabilities that pattern-matching tools miss. Use this skill when asked to scan code for security vulnerabilities, find bugs, check for SQL injection, XSS, command injection, exposed API keys, hardcoded secrets, insecure dependencies, access control issues, or any request like "is my code secure?", "review for security issues", "audit this codebase", or "check for vulnerabilities". Covers injection flaws, authentication and access control bugs, secrets exposure, weak cryptography, insecure dependencies, and business logic issues across JavaScript, TypeScript, Python, Java, PHP, Go, Ruby, and Rust. | `references/language-patterns.md`<br />`references/report-format.md`<br />`references/secret-patterns.md`<br />`references/vuln-categories.md`<br />`references/vulnerable-packages.md` |
 | [semantic-kernel](../skills/semantic-kernel/SKILL.md) | Create, update, refactor, explain, or review Semantic Kernel solutions using shared guidance plus language-specific references for .NET and Python. | `references/dotnet.md`<br />`references/python.md` |
 | [shuffle-json-data](../skills/shuffle-json-data/SKILL.md) | Shuffle repetitive JSON objects safely by validating schema consistency before randomising entries. | None |
 | [snowflake-semanticview](../skills/snowflake-semanticview/SKILL.md) | Create, alter, and validate Snowflake semantic views using Snowflake CLI (snow). Use when asked to build or troubleshoot semantic views/semantic layer definitions with CREATE/ALTER SEMANTIC VIEW, to validate semantic-view DDL against Snowflake via CLI, or to guide Snowflake CLI installation and connection setup. | None |

skills/security-review/SKILL.md

@@ -0,0 +1,168 @@
+---
+name: security-review
+description: 'AI-powered codebase security scanner that reasons about code like a security researcher — tracing data flows, understanding component interactions, and catching vulnerabilities that pattern-matching tools miss. Use this skill when asked to scan code for security vulnerabilities, find bugs, check for SQL injection, XSS, command injection, exposed API keys, hardcoded secrets, insecure dependencies, access control issues, or any request like "is my code secure?", "review for security issues", "audit this codebase", or "check for vulnerabilities". Covers injection flaws, authentication and access control bugs, secrets exposure, weak cryptography, insecure dependencies, and business logic issues across JavaScript, TypeScript, Python, Java, PHP, Go, Ruby, and Rust.'
+---
+
+# Security Review
+
+An AI-powered security scanner that reasons about your codebase the way a human security
+researcher would — tracing data flows, understanding component interactions, and catching
+vulnerabilities that pattern-matching tools miss.
+
+## When to Use This Skill
+
+Use this skill when the request involves:
+
+- Scanning a codebase or file for security vulnerabilities
+- Running a security review or vulnerability check
+- Checking for SQL injection, XSS, command injection, or other injection flaws
+- Finding exposed API keys, hardcoded secrets, or credentials in code
+- Auditing dependencies for known CVEs
+- Reviewing authentication, authorization, or access control logic
+- Detecting insecure cryptography or weak randomness
+- Performing a data flow analysis to trace user input to dangerous sinks
+- Any request phrasing like "is my code secure?", "scan this file", or "check my repo for vulnerabilities"
+- Running `/security-review` or `/security-review <path>`
+
+## How This Skill Works
+
+Unlike traditional static analysis tools that match patterns, this skill:
+1. **Reads code like a security researcher** — understanding context, intent, and data flow
+2. **Traces across files** — following how user input moves through your application
+3. **Self-verifies findings** — re-examines each result to filter false positives
+4. **Assigns severity ratings** — CRITICAL / HIGH / MEDIUM / LOW / INFO
+5. **Proposes targeted patches** — every finding includes a concrete fix
+6. **Requires human approval** — nothing is auto-applied; you always review first
+
+## Execution Workflow
+
+Follow these steps **in order** every time:
+
+### Step 1 — Scope Resolution
+Determine what to scan:
+- If a path was provided (`/security-review src/auth/`), scan only that scope
+- If no path given, scan the **entire project** starting from the root
+- Identify the language(s) and framework(s) in use (check package.json, requirements.txt,
+  go.mod, Cargo.toml, pom.xml, Gemfile, composer.json, etc.)
+- Read `references/language-patterns.md` to load language-specific vulnerability patterns
+
+### Step 2 — Dependency Audit
+Before scanning source code, audit dependencies first (fast wins):
+- **Node.js**: Check `package.json` + `package-lock.json` for known vulnerable packages
+- **Python**: Check `requirements.txt` / `pyproject.toml` / `Pipfile`
+- **Java**: Check `pom.xml` / `build.gradle`
+- **Ruby**: Check `Gemfile.lock`
+- **Rust**: Check `Cargo.toml`
+- **Go**: Check `go.sum`
+- Flag packages with known CVEs, deprecated crypto libs, or suspiciously old pinned versions
+- Read `references/vulnerable-packages.md` for a curated watchlist
+
+### Step 3 — Secrets & Exposure Scan
+Scan ALL files (including config, env, CI/CD, Dockerfiles, IaC) for:
+- Hardcoded API keys, tokens, passwords, private keys
+- `.env` files accidentally committed
+- Secrets in comments or debug logs
+- Cloud credentials (AWS, GCP, Azure, Stripe, Twilio, etc.)
+- Database connection strings with credentials embedded
+- Read `references/secret-patterns.md` for regex patterns and entropy heuristics to apply
+
+### Step 4 — Vulnerability Deep Scan
+This is the core scan. Reason about the code — don't just pattern-match.
+Read `references/vuln-categories.md` for full details on each category.
+
+**Injection Flaws**
+- SQL Injection: raw queries with string interpolation, ORM misuse, second-order SQLi
+- XSS: unescaped output, dangerouslySetInnerHTML, innerHTML, template injection
+- Command Injection: exec/spawn/system with user input
+- LDAP, XPath, Header, Log injection
+
+**Authentication & Access Control**
+- Missing authentication on sensitive endpoints
+- Broken object-level authorization (BOLA/IDOR)
+- JWT weaknesses (alg:none, weak secrets, no expiry validation)
+- Session fixation, missing CSRF protection
+- Privilege escalation paths
+- Mass assignment / parameter pollution
+
+**Data Handling**
+- Sensitive data in logs, error messages, or API responses
+- Missing encryption at rest or in transit
+- Insecure deserialization
+- Path traversal / directory traversal
+- XXE (XML External Entity) processing
+- SSRF (Server-Side Request Forgery)
+
+**Cryptography**
+- Use of MD5, SHA1, DES for security purposes
+- Hardcoded IVs or salts
+- Weak random number generation (Math.random() for tokens)
+- Missing TLS certificate validation
+
+**Business Logic**
+- Race conditions (TOCTOU)
+- Integer overflow in financial calculations
+- Missing rate limiting on sensitive endpoints
+- Predictable resource identifiers
+
+### Step 5 — Cross-File Data Flow Analysis
+After the per-file scan, perform a **holistic review**:
+- Trace user-controlled input from entry points (HTTP params, headers, body, file uploads)
+  all the way to sinks (DB queries, exec calls, HTML output, file writes)
+- Identify vulnerabilities that only appear when looking at multiple files together
+- Check for insecure trust boundaries between services or modules
+
+### Step 6 — Self-Verification Pass
+For EACH finding:
+1. Re-read the relevant code with fresh eyes
+2. Ask: "Is this actually exploitable, or is there sanitization I missed?"
+3. Check if a framework or middleware already handles this upstream
+4. Downgrade or discard findings that aren't genuine vulnerabilities
+5. Assign final severity: CRITICAL / HIGH / MEDIUM / LOW / INFO
+
+### Step 7 — Generate Security Report
+Output the full report in the format defined in `references/report-format.md`.
+
+### Step 8 — Propose Patches
+For every CRITICAL and HIGH finding, generate a concrete patch:
+- Show the vulnerable code (before)
+- Show the fixed code (after)
+- Explain what changed and why
+- Preserve the original code style, variable names, and structure
+- Add a comment explaining the fix inline
+
+Explicitly state: **"Review each patch before applying. Nothing has been changed yet."**
+
+## Severity Guide
+
+| Severity | Meaning | Example |
+|----------|---------|---------|
+| 🔴 CRITICAL | Immediate exploitation risk, data breach likely | SQLi, RCE, auth bypass |
+| 🟠 HIGH | Serious vulnerability, exploit path exists | XSS, IDOR, hardcoded secrets |
+| 🟡 MEDIUM | Exploitable with conditions or chaining | CSRF, open redirect, weak crypto |
+| 🔵 LOW | Best practice violation, low direct risk | Verbose errors, missing headers |
+| ⚪ INFO | Observation worth noting, not a vulnerability | Outdated dependency (no CVE) |
+
+## Output Rules
+
+- **Always** produce a findings summary table first (counts by severity)
+- **Never** auto-apply any patch — present patches for human review only
+- **Always** include a confidence rating per finding (High / Medium / Low)
+- **Group findings** by category, not by file
+- **Be specific** — include file path, line number, and the exact vulnerable code snippet
+- **Explain the risk** in plain English — what could an attacker do with this?
+- If the codebase is clean, say so clearly: "No vulnerabilities found" with what was scanned
+
+## Reference Files
+
+For detailed detection guidance, load the following reference files as needed:
+
+- `references/vuln-categories.md` — Deep reference for every vulnerability category with detection signals, safe patterns, and escalation checkers
+  - Search patterns: `SQL injection`, `XSS`, `command injection`, `SSRF`, `BOLA`, `IDOR`, `JWT`, `CSRF`, `secrets`, `cryptography`, `race condition`, `path traversal`
+- `references/secret-patterns.md` — Regex patterns, entropy-based detection, and CI/CD secret risks
+  - Search patterns: `API key`, `token`, `private key`, `connection string`, `entropy`, `.env`, `GitHub Actions`, `Docker`, `Terraform`
+- `references/language-patterns.md` — Framework-specific vulnerability patterns for JavaScript, Python, Java, PHP, Go, Ruby, and Rust
+  - Search patterns: `Express`, `React`, `Next.js`, `Django`, `Flask`, `FastAPI`, `Spring Boot`, `PHP`, `Go`, `Rails`, `Rust`
+- `references/vulnerable-packages.md` — Curated CVE watchlist for npm, pip, Maven, Rubygems, Cargo, and Go modules
+  - Search patterns: `lodash`, `axios`, `jsonwebtoken`, `Pillow`, `log4j`, `nokogiri`, `CVE`
+- `references/report-format.md` — Structured output template for security reports with finding cards, dependency audit, secrets scan, and patch proposal formatting
+  - Search patterns: `report`, `format`, `template`, `finding`, `patch`, `summary`, `confidence`

skills/security-review/references/language-patterns.md

@@ -0,0 +1,221 @@
+# Language-Specific Vulnerability Patterns
+
+Load the relevant section during Step 1 (Scope Resolution) after identifying languages.
+
+---
+
+## JavaScript / TypeScript (Node.js, React, Next.js, Express)
+
+### Critical APIs/calls to flag
+```js
+eval()                    // arbitrary code execution
+Function('return ...')   // same as eval
+child_process.exec()     // command injection if user input reaches it
+fs.readFile              // path traversal if user controls path
+fs.writeFile             // path traversal if user controls path
+```
+
+### Express.js specific
+```js
+// Missing helmet (security headers)
+const app = express()
+// Should have: app.use(helmet())
+
+// Body size limits missing (DoS)
+app.use(express.json())
+// Should have: app.use(express.json({ limit: '10kb' }))
+
+// CORS misconfiguration
+app.use(cors({ origin: '*' }))  // too permissive
+app.use(cors({ origin: req.headers.origin }))  // reflects any origin
+
+// Trust proxy without validation
+app.set('trust proxy', true)  // only safe behind known proxy
+```
+
+### React specific
+```jsx
+<div dangerouslySetInnerHTML={{ __html: userContent }} />  // XSS
+<a href={userUrl}>link</a>  // javascript: URL injection
+```
+
+### Next.js specific
+```js
+// Server Actions without auth
+export async function deleteUser(id) {   // missing: auth check
+  await db.users.delete(id)
+}
+
+// API Routes missing method validation
+export default function handler(req, res) {
+  // Should check: if (req.method !== 'POST') return res.status(405)
+  doSensitiveAction()
+}
+```
+
+---
+
+## Python (Django, Flask, FastAPI)
+
+### Django specific
+```python
+# Raw SQL
+User.objects.raw(f"SELECT * FROM users WHERE name = '{name}'")  # SQLi
+
+# Missing CSRF
+@csrf_exempt  # Only OK for APIs with token auth
+
+# Debug mode in production
+DEBUG = True  # in settings.py — exposes stack traces
+
+# SECRET_KEY
+SECRET_KEY = 'django-insecure-...'  # must be changed for production
+
+# ALLOWED_HOSTS
+ALLOWED_HOSTS = ['*']  # too permissive
+```
+
+### Flask specific
+```python
+# Debug mode
+app.run(debug=True)  # never in production
+
+# Secret key
+app.secret_key = 'dev'  # weak
+
+# eval/exec with user input
+eval(request.args.get('expr'))
+
+# render_template_string with user input (SSTI)
+render_template_string(f"Hello {name}")  # Server-Side Template Injection
+```
+
+### FastAPI specific
+```python
+# Missing auth dependency
+@app.delete("/users/{user_id}")  # No Depends(get_current_user)
+async def delete_user(user_id: int):
+    ...
+
+# Arbitrary file read
+@app.get("/files/{filename}")
+async def read_file(filename: str):
+    return FileResponse(f"uploads/{filename}")  # path traversal
+```
+
+---
+
+## Java (Spring Boot)
+
+### Spring Boot specific
+```java
+// SQL Injection
+String query = "SELECT * FROM users WHERE name = '" + name + "'";
+jdbcTemplate.query(query, ...);
+
+// XXE
+DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+// Missing: dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)
+
+// Deserialization
+ObjectInputStream ois = new ObjectInputStream(inputStream);
+Object obj = ois.readObject();  // only safe with allowlist
+
+// Spring Security — permitAll on sensitive endpoint
+.antMatchers("/admin/**").permitAll()
+
+// Actuator endpoints exposed
+management.endpoints.web.exposure.include=*  # in application.properties
+```
+
+---
+
+## PHP
+
+```php
+// Direct user input in queries
+$result = mysql_query("SELECT * FROM users WHERE id = " . $_GET['id']);
+
+// File inclusion
+include($_GET['page'] . ".php");  // local/remote file inclusion
+
+// eval
+eval($_POST['code']);
+
+// extract() with user input
+extract($_POST);  // overwrites any variable
+
+// Loose comparison
+if ($password == "admin") {}  // use === instead
+
+// Unserialize
+unserialize($_COOKIE['data']);  // remote code execution
+```
+
+---
+
+## Go
+
+```go
+// Command injection
+exec.Command("sh", "-c", userInput)
+
+// SQL injection
+db.Query("SELECT * FROM users WHERE name = '" + name + "'")
+
+// Path traversal
+filePath := filepath.Join("/uploads/", userInput)  // sanitize userInput first
+
+// Insecure TLS
+http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}
+
+// Goroutine leak / missing context cancellation
+go func() {
+  // No done channel or context
+  for { ... }
+}()
+```
+
+---
+
+## Ruby on Rails
+
+```ruby
+# SQL injection (safe alternatives use placeholders)
+User.where("name = '#{params[:name]}'")  # VULNERABLE
+User.where("name = ?", params[:name])   # SAFE
+
+# Mass assignment without strong params
+@user.update(params[:user])  # should be params.require(:user).permit(...)
+
+# eval / send with user input
+eval(params[:code])
+send(params[:method])  # arbitrary method call
+
+# Redirect to user-supplied URL (open redirect)
+redirect_to params[:url]
+
+# YAML.load (allows arbitrary object creation)
+YAML.load(user_input)  # use YAML.safe_load instead
+```
+
+---
+
+## Rust
+
+```rust
+// Unsafe blocks — flag for manual review
+unsafe {
+    // Reason for unsafety should be documented
+}
+
+// Integer overflow (debug builds panic, release silently wraps)
+let result = a + b;  // use checked_add/saturating_add for financial math
+
+// Unwrap/expect in production code (panics on None/Err)
+let value = option.unwrap();  // prefer ? or match
+
+// Deserializing arbitrary types
+serde_json::from_str::<serde_json::Value>(&user_input)  // generally safe
+// But: bincode::deserialize from untrusted input — can be exploited
+```