````python
"""Security audit prompt templates."""


def get_security_audit_prompt(pr_data, pr_diff=None, include_diff=True, custom_scan_instructions=None):
    """Generate security audit prompt for Claude Code.

    Args:
        pr_data: PR data dictionary from GitHub API
        pr_diff: Optional complete PR diff in unified format
        include_diff: Whether to include the diff in the prompt (default: True)
        custom_scan_instructions: Optional custom security categories to append

    Returns:
        Formatted prompt string
    """

    # One bullet per changed file, taken from the GitHub API "files" list
    files_changed = "\n".join([f"- {f['filename']}" for f in pr_data['files']])

    # Add diff section if provided and include_diff is True
    diff_section = ""
    if pr_diff and include_diff:
        diff_section = f"""

PR DIFF CONTENT:
```
{pr_diff}
```

Review the complete diff above. This contains all code changes in the PR.
"""
    elif pr_diff and not include_diff:
        # Diff exists but was deliberately left out (e.g. too large); tell the model to read files itself
        diff_section = """

NOTE: PR diff was omitted due to size constraints. Please use the file exploration tools to examine the specific files that were changed in this PR.
"""

    # Add custom security categories if provided
    custom_categories_section = ""
    if custom_scan_instructions:
        custom_categories_section = f"\n{custom_scan_instructions}\n"

    # Repository name is looked up defensively because forks/deleted repos may lack "head.repo"
    return f"""
You are a senior security engineer conducting a focused security review of GitHub PR #{pr_data['number']}: "{pr_data['title']}"

CONTEXT:
- Repository: {pr_data.get('head', {}).get('repo', {}).get('full_name', 'unknown')}
- Author: {pr_data['user']}
- Files changed: {pr_data['changed_files']}
- Lines added: {pr_data['additions']}
- Lines deleted: {pr_data['deletions']}

Files modified:
{files_changed}{diff_section}

OBJECTIVE:
Perform a security-focused code review to identify HIGH-CONFIDENCE security vulnerabilities that could have real exploitation potential. This is not a general code review - focus ONLY on security implications newly added by this PR. Do not comment on existing security concerns.

CRITICAL INSTRUCTIONS:
1. MINIMIZE FALSE POSITIVES: Only flag issues where you're >80% confident of actual exploitability
2. AVOID NOISE: Skip theoretical issues, style concerns, or low-impact findings
3. FOCUS ON IMPACT: Prioritize vulnerabilities that could lead to unauthorized access, data breaches, or system compromise
"""  # the listing ends here; the remainder of the prompt template (including where custom_categories_section is appended) is not shown
````