github.com/anthropics/claude-code-security-review

Function get_security_audit_prompt

claudecode/prompts.py:3–176


get_security_audit_prompt(pr_data, pr_diff=None, include_diff=True, custom_scan_instructions=None)


"""Security audit prompt templates."""


def get_security_audit_prompt(pr_data, pr_diff=None, include_diff=True, custom_scan_instructions=None):
    """Generate security audit prompt for Claude Code.

    Args:
        pr_data: PR data dictionary from GitHub API
        pr_diff: Optional complete PR diff in unified format
        include_diff: Whether to include the diff in the prompt (default: True)
        custom_scan_instructions: Optional custom security categories to append

    Returns:
        Formatted prompt string
    """

    # One "- <path>" line per changed file, in the order the API returned them
    files_changed = "\n".join([f"- {f['filename']}" for f in pr_data['files']])

    # Add diff section if provided and include_diff is True
    diff_section = ""
    if pr_diff and include_diff:
        # The raw unified diff is interpolated verbatim inside a ``` block
        diff_section = f"""

PR DIFF CONTENT:
```
{pr_diff}
```

Review the complete diff above. This contains all code changes in the PR.
"""
    elif pr_diff and not include_diff:
        # The caller had a diff but chose not to inline it (size); point the model at the file tools instead
        diff_section = """

NOTE: PR diff was omitted due to size constraints. Please use the file exploration tools to examine the specific files that were changed in this PR.
"""

    # Add custom security categories if provided
    custom_categories_section = ""
    if custom_scan_instructions:
        custom_categories_section = f"\n{custom_scan_instructions}\n"

    return f"""
You are a senior security engineer conducting a focused security review of GitHub PR #{pr_data['number']}: "{pr_data['title']}"

CONTEXT:
- Repository: {pr_data.get('head', {}).get('repo', {}).get('full_name', 'unknown')}
- Author: {pr_data['user']}
- Files changed: {pr_data['changed_files']}
- Lines added: {pr_data['additions']}
- Lines deleted: {pr_data['deletions']}

Files modified:
{files_changed}{diff_section}

OBJECTIVE:
Perform a security-focused code review to identify HIGH-CONFIDENCE security vulnerabilities that could have real exploitation potential. This is not a general code review - focus ONLY on security implications newly added by this PR. Do not comment on existing security concerns.

CRITICAL INSTRUCTIONS:
1. MINIMIZE FALSE POSITIVES: Only flag issues where you're >80% confident of actual exploitability
2. AVOID NOISE: Skip theoretical issues, style concerns, or low-impact findings
3. FOCUS ON IMPACT: Prioritize vulnerabilities that could lead to unauthorized access, data breaches, or system compromise
"""  # the template continues in prompts.py (file lines 61–176 are not shown on this page)
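A caller-side helper, added here as an example and not code from the claude-code-security-review project: it maps GitHub's pull-request JSON onto the pr_data shape the template reads (number, title, user, changed_files, additions, deletions, head.repo.full_name, files[].filename), decides include_diff from the diff's byte size so the template's size-constraints branch is taken for large diffs, and flags diffs that contain a ``` fence line, since the template places the diff verbatim inside a ``` block. MAX_DIFF_BYTES, prepare_prompt_inputs, diff_contains_fence and the sample payload are assumptions of this example; the real caller's threshold and payload handling are not shown on the page. The PR title, file names and diff are supplied by the PR author and are interpolated into the prompt as-is, which is why the fence check is worth running before rendering.

```python
import re

# Added example, not code from claude-code-security-review. The helper names,
# the size limit and the sample data below are this example's own assumptions.

MAX_DIFF_BYTES = 200_000  # assumed limit; the real caller's threshold is not on the page

# Constructed sample input: the subset of GitHub's pull-request JSON that the
# template reads. The file list is what /pulls/{number}/files returns, trimmed
# to the filename field the template uses.
SAMPLE_PR_JSON = {
    "number": 42,
    "title": "Add login endpoint",
    "user": {"login": "octocat"},
    "changed_files": 2,
    "additions": 30,
    "deletions": 4,
    "head": {"repo": {"full_name": "example/app"}},
}
SAMPLE_FILES_JSON = [{"filename": "app/auth.py"}, {"filename": "tests/test_auth.py"}]
SAMPLE_DIFF = (
    "diff --git a/app/auth.py b/app/auth.py\n"
    "--- a/app/auth.py\n"
    "+++ b/app/auth.py\n"
    "@@ -1 +1,2 @@\n"
    "+import os\n"
    " import hmac\n"
)

# A diff body line (+, - or space prefix) whose content starts with a fence,
# allowing the up-to-three-space indent Markdown permits.
_FENCE_LINE = re.compile(r"^[+\- ]? {0,3}`{3,}")


def diff_contains_fence(diff_text):
    """True if any line of the diff carries a ``` fence.

    The template wraps pr_diff in a ``` block, so a fence inside the diff (a PR
    that edits a Markdown file, for instance) can end that block early in the
    rendered prompt. Heuristic only; the caller decides what to do about it.
    """
    return any(_FENCE_LINE.match(line) for line in diff_text.splitlines())


def prepare_prompt_inputs(pr_json, files_json, diff_text, max_diff_bytes=MAX_DIFF_BYTES):
    """Return keyword arguments for get_security_audit_prompt.

    - user is flattened to the login string, because the template interpolates
      pr_data['user'] directly (assumption: a name is wanted, not the user dict)
    - head is passed through so the template's repo full_name lookup works
    - pr_diff is always passed; include_diff is cleared when the diff exceeds
      max_diff_bytes so the template emits its size-constraints note instead
    """
    pr_data = {
        "number": pr_json["number"],
        "title": pr_json["title"],
        "user": pr_json["user"]["login"],
        "changed_files": pr_json["changed_files"],
        "additions": pr_json["additions"],
        "deletions": pr_json["deletions"],
        "head": pr_json.get("head", {}),
        "files": [{"filename": f["filename"]} for f in files_json],
    }
    include_diff = len(diff_text.encode("utf-8")) <= max_diff_bytes
    return {"pr_data": pr_data, "pr_diff": diff_text, "include_diff": include_diff}


if __name__ == "__main__":
    kwargs = prepare_prompt_inputs(SAMPLE_PR_JSON, SAMPLE_FILES_JSON, SAMPLE_DIFF)
    print("include_diff:", kwargs["include_diff"])
    print("fence inside diff:", diff_contains_fence(SAMPLE_DIFF))
    # get_security_audit_prompt(**kwargs) would then render the prompt shown above
```

Passing the diff even when include_diff is False is deliberate: the template only emits the "omitted due to size constraints" note when pr_diff is truthy, so dropping the diff entirely would silently produce a prompt with no mention of why the code is missing.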
