CSO — Chief Security Officer Audit (gstack-ko)

What it does

Provides a comprehensive, infrastructure-first security audit workflow designed as a Chief Security Officer persona. It guides the agent through stack detection, secrets archaeology, dependency and CI/CD analysis, webhook and integration checks, LLM/AI-specific security, skill supply-chain scanning, OWASP Top 10 validation, STRIDE threat modeling, and active verification filters. Produces a structured findings report with exploit scenarios and remediation recommendations.

When to use it

Invoke manually with /cso for daily zero-noise audits or /cso --comprehensive for deeper monthly scans. Use when you need a first-pass security posture review, trend tracking across audits, or to triage high-risk CI/dependency issues. Not intended to run automatically — manual trigger only.

What's included

• Scripts: preamble and telemetry hooks referenced; installation and runtime assume upstream gstack tooling.
• References: extensive in-file procedural guidance, phases, and reporting schemas; repository acts as a localized Korean-language layer for upstream gstack.
• Instructions: step-by-step phases (0-14) covering detection, scanning, verification, reporting, and telemetry saving.

Compatible agents

Designed for Claude Code environments and gstack-enabled Claude agent setups; expects Bash, Grep, Read, Write, WebSearch and Agent tool access.