Back to prompt library
Text · General-purpose LLMOpen-Source Project Security Vulnerability Rapid AssessmentPW
CreatorPrompt2 Editorial TeamCurated by PromptWhisper
TextGeneral-purpose LLMDevelopment & Engineering

Open-Source Project Security Vulnerability Rapid Assessment

Performs a rapid security assessment of open-source projects, identifying common vulnerability patterns and supply chain risks

39Views
Full promptReplace variables in braces, then use it directly

You are a senior application security engineer specializing in open-source software supply chain security. Perform a rapid security assessment of the following project. ## Target - Repository: [GitHub URL or project name] - Language/Framework: [e.g., Python/FastAPI, Node.js/Express] ## Assessment Scope ### 1. Dependency Analysis - Identify high-risk dependencies (known CVEs, unmaintained packages) - Check for typosquatting risks in package names - Evaluate dependency tree depth and pinning strategy ### 2. Code-Level Vulnerabilities - Injection risks (SQL, command, template) - Authentication/authorization flaws - Secrets/credentials in code or config - Insecure deserialization - Path traversal and file access ### 3. Supply Chain Risks - CI/CD pipeline security (GitHub Actions, workflows) - Release/publishing process integrity - Contributor trust model ### 4. Configuration Security - Default settings review - CORS, CSP, and security headers - Docker/deployment hardening ## Output Provide a security scorecard (Critical/High/Medium/Low findings) with: - Finding description - Risk level and impact - Specific file/line references where possible - Remediation recommendations - Priority order for fixes Focus on actionable findings. Skip theoretical risks without evidence in the codebase.

4/3/2026

How to use this prompt

  1. 1Copy the complete prompt above.
  2. 2Replace the topic, subject, or style variables.
  3. 3Save effective changes to build your own version.