insecure-defaults
This skill detects fail-open insecure defaults in code and configuration (env fallbacks, hardcoded credentials, weak crypto, permissive CORS). It directs the use of `Bash`/`Grep` to search `**/config/`, `**/auth/`, `**/database/` and env files for secrets such as `SECRET_KEY` and `DB_PASSWORD`.
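As an added example (not the skill's own code), the scanner below separates fail-open env fallbacks from fail-closed lookups within the directories named above. The extra name keywords (`TOKEN`, `API_KEY`), the three regexes, the `in_scope` and `scan` helpers, and the sample files are assumptions constructed for illustration.

```python
import re

# SECRET_KEY and DB_PASSWORD are named on the page; TOKEN/API_KEY are assumed extras.
NAME = r"(?P<name>[A-Z0-9_]*(?:SECRET|PASSWORD|TOKEN|API_KEY)[A-Z0-9_]*)"
LIT = r"""["'](?P<default>[^"']*)["']"""
# Fail-open = an env lookup that silently falls back to a literal (assumed patterns).
FAIL_OPEN = [
    re.compile(r"""os\.(?:environ\.get|getenv)\(\s*["']""" + NAME + r"""["']\s*,\s*""" + LIT),
    re.compile(r"process\.env\." + NAME + r"\s*(?:\|\||\?\?)\s*" + LIT),  # JS
    re.compile(r"\$\{" + NAME + r":-(?P<default>[^}]+)\}"),  # shell / compose
]
SCOPE_DIRS = {"config", "auth", "database"}  # directories the page lists


def in_scope(path):
    parts = path.split("/")
    return bool(SCOPE_DIRS & set(parts[:-1])) or parts[-1].startswith(".env")


def scan(files):
    """Return (path, line, variable, fallback) for each fail-open secret default."""
    findings = []
    for path, text in files.items():
        if not in_scope(path):
            continue
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith(("#", "//")):
                continue  # ignore commented-out code
            for rx in FAIL_OPEN:
                m = rx.search(line)
                if m:
                    findings.append((path, lineno, m.group("name"), m.group("default")))
                    break
    return findings


# Constructed sample tree: fail-open lines next to fail-closed equivalents.
SAMPLES = {
    "app/config/settings.py": 'SECRET_KEY = os.environ.get("SECRET_KEY", "dev-secret")\n'
                              'DB_PASSWORD = os.environ["DB_PASSWORD"]  # fail-closed\n'
                              'DEBUG = os.environ.get("DEBUG", "0")  # not a secret\n',
    "app/auth/jwt.js": 'const key = process.env.JWT_SECRET || "changeme";\n'
                       'if (!process.env.API_TOKEN) throw new Error("unset");\n',
    "deploy/config/compose.yml": "      POSTGRES_PASSWORD: ${DB_PASSWORD:-postgres}\n",
    "scripts/seed.py": 'pw = os.getenv("DB_PASSWORD", "root")  # outside the scope dirs\n',
}

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print("fail-open default: %s:%d %s=%r" % finding)
```

Each hit marks a service that would start with a known secret when the variable is unset; the fail-closed forms in the samples raise or throw instead and are not reported.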