Security Officer
The Security Officer agent provides specialized security review beyond what the general Reviewer covers. It performs threat modeling, identifies common vulnerability patterns (injection, auth bypass, data exposure), and has gate authority to block changes that introduce security risks. Activated for changes touching authentication, authorization, data handling, or external integrations.
How it works
The Security Officer is activated when changes touch security-sensitive areas: authentication, authorization, data encryption, external API integration, user input handling, or database queries. It performs STRIDE threat modeling against the specification, scans the implementation for OWASP Top 10 patterns, checks for hardcoded secrets, and validates that security controls (rate limiting, input validation, access checks) are properly implemented. Its findings are blocking -- security issues must be resolved before shipping.
Security officer STRIDE threat model for authentication changes
Screenshot coming soon
Under the hood
The Security Officer maintains a knowledge base of common vulnerability patterns specific to your tech stack. For .NET projects, it knows about SQL injection via raw queries, improper EF Core usage, missing anti-forgery tokens, and JWT validation pitfalls. For Node.js, it checks for prototype pollution, NoSQL injection, and SSRF. Stack-specific knowledge makes it more effective than generic scanning tools.
Security findings report with severity levels and remediation guidance
Screenshot coming soon
Related Features
Quality Audit
A reviewer agent audits implementation against the original design for Architecture, Reliability, and Code quality.
Reviewer
Quality audit: architecture compliance, security, test quality, and completeness.
/knowzcode:audit
Run quality audits: spec completeness, architecture health, security scanning.