Deep inspection of environment variable handling, secrets storage patterns, and runtime configuration security.
This audit covers 18 checks across environment variable exposure risks, secrets management practices, .env file hygiene, server-side vs client-side variable segregation, and configuration drift between environments. AI tools frequently expose secrets through client bundles or commit them to version control — this audit catches those patterns before they reach production.
18
Total Checks
3
Delivery Formats
4
Categories
6
Versions
Included
Never included
Prompt quality hardening: added counting/enumeration, numeric thresholds, cross-references, negative guardrails, measurement-on-pass, and quoting directives across all checks
Picked by pack overlap with this audit.
Foundational security assessment covering HTTP security headers, transport security configuration, and basic security hygiene to protect against common web attacks.
Advanced security header configuration quality — evaluates whether headers are configured correctly, not just present. Sequel to Security Headers & Basics.
Data handling assessment across the AI processing pipeline, covering storage, retention, PII protection, and user control over third-party model data sharing.
Safety assessment against prompt injection attacks, identifying vulnerabilities where untrusted user input might cause the AI to ignore instructions or exfiltrate data.
Comprehensive security audit for REST and GraphQL APIs, covering authentication, authorization, input validation, and protection against OWASP API Top 10 threats.