A prompt-based security audit for AI systems. Copy it, paste it into any AI assistant with codebase access, and get a structured vulnerability report in minutes.
Most AI systems ship with zero security review. MCP servers running unrestricted shell access. API keys hardcoded in config files committed to git. Agent prompts with no injection defenses. The AI ecosystem is moving fast, but security tooling hasn't caught up -- and most teams don't even know what to check.
A comprehensive security audit prompt. Not a CLI tool. Not a SaaS product. Just a well-structured prompt that turns any AI assistant (Claude, GPT, Gemini, or anything with codebase access) into a security auditor.
You give it access to your project, it systematically reads your files, and it produces a detailed report with specific findings, evidence, and remediation steps.
The audit covers 8 categories across ~30 individual checks:
| Category | What It Looks For |
|---|---|
| MCP Server Security | Transport security, tool exposure, input validation, secret handling, trust boundaries |
| Agent & Prompt Security | Prompt injection resistance, system prompt leakage, agent boundary enforcement, instruction hierarchy |
| Secret & Credential Management | Hardcoded secrets, env variable hygiene, secret scope, logging exposure |
| Data Flow & Privacy | Data sent to LLM providers, retention policies, output validation, context window risks |
| LLM API Configuration | Rate limiting, cost controls, model access restrictions, error handling |
| Permission & Access Control | File system access, network access, destructive operations, least privilege |
| Supply Chain & Dependencies | Third-party MCP servers, dependency vulnerabilities, model supply chain |
| Output Security | Code execution risks, injection attacks, file write safety |
Every finding includes a risk level (Critical / High / Medium / Low / Info), the exact file and line number, what could go wrong, and a specific fix.
1. Copy the prompt
Grab the contents of SKILL.md -- that's the entire audit.
2. Paste it into your AI assistant
Use any AI assistant that has access to your codebase:
- Claude Code / Claude with project files
- ChatGPT with Code Interpreter or file uploads
- Cursor, Windsurf, or any AI-powered IDE
- Any agent with MCP filesystem access
3. Let it run
The audit works in three phases:
- Discovery -- maps your project structure, configs, and AI components
- Audit -- works through all 8 categories, reading and analyzing relevant files
- Report -- produces a findings list and a summary scorecard with severity counts, category scores, and a prioritized action plan
4. Review the report
You'll get a structured report like this for every issue found:
### [CRITICAL] Hardcoded OpenAI API Key in MCP Config
- Risk: Critical
- Category: C. Secret & Credential Management
- Finding: The .mcp.json file contains a hardcoded OpenAI API key
passed directly as an argument rather than referenced as an
environment variable.
- Evidence: .mcp.json, line 14: "args": ["--api-key", "sk-proj-abc123..."]
- Impact: Anyone with repository access can extract the API key.
This allows unlimited usage billed to the org and potential
data exfiltration through the API.
- Recommendation: Move the key to .env and reference it via the
env field. Rotate the exposed key immediately.
See examples/sample-report.md for a full report against a hypothetical AI agent platform.
- Developers building AI agents or multi-agent systems
- Teams running MCP servers (Claude, or any MCP-compatible client)
- Anyone integrating LLM APIs into production applications
- Security engineers reviewing AI-powered codebases
If your project has a .mcp.json, agent prompts, or LLM API calls, this audit is for you.
Found a gap in the audit? Have a check we should add? PRs are welcome.
- Add new checks to the relevant category in
SKILL.md - Follow the existing format: check ID, description, what to examine
- If you've run the audit on your own system and found something interesting, open an issue
MIT -- see LICENSE.
Hamza Shahbaz -- Senior web developer with 13+ years building for the web. Currently focused on AI systems, Shopify, and the infrastructure where code meets conversion.
- Website: hamzashahbaz.com
- GitHub: @hamzashahbaz
- LinkedIn: /in/ihamzashahbaz