docs: address Korean translation review feedback

docs/ko-KR/skills/security-review/SKILL.md

@@ -215,8 +215,8 @@ const securityHeaders = [
     key: 'Content-Security-Policy',
     value: `
       default-src 'self';
-      script-src 'self' 'unsafe-eval' 'unsafe-inline';
-      style-src 'self' 'unsafe-inline';
+      script-src 'self' 'nonce-{nonce}';
+      style-src 'self' 'nonce-{nonce}';
       img-src 'self' data: https:;
       font-src 'self';
       connect-src 'self' https://api.example.com;
@@ -225,6 +225,8 @@ const securityHeaders = [
 ]
 ```
 
+`{nonce}`는 요청마다 새로 생성하고, 헤더와 인라인 `<script>`/`<style>` 태그에 동일하게 주입해야 합니다.
+
 #### 확인 단계
 - [ ] 사용자 제공 HTML이 새니타이징됨
 - [ ] CSP 헤더가 구성됨
@@ -339,7 +341,9 @@ catch (error) {
 
 #### 지갑 검증
 ```typescript
-import { verify } from '@solana/web3.js'
+import nacl from 'tweetnacl'
+import bs58 from 'bs58'
+import { PublicKey } from '@solana/web3.js'
 
 async function verifyWalletOwnership(
   publicKey: string,
@@ -347,18 +351,23 @@ async function verifyWalletOwnership(
   message: string
 ) {
   try {
-    const isValid = verify(
-      Buffer.from(message),
-      Buffer.from(signature, 'base64'),
-      Buffer.from(publicKey, 'base64')
+    const publicKeyBytes = new PublicKey(publicKey).toBytes()
+    const signatureBytes = bs58.decode(signature)
+    const messageBytes = new TextEncoder().encode(message)
+
+    return nacl.sign.detached.verify(
+      messageBytes,
+      signatureBytes,
+      publicKeyBytes
     )
-    return isValid
   } catch (error) {
     return false
   }
 }
 ```
 
+참고: Solana 공개 키와 서명은 일반적으로 base64가 아니라 base58로 인코딩됩니다.
+
 #### 트랜잭션 검증
 ```typescript
 async function verifyTransaction(transaction: Transaction) {

docs/ko-KR/skills/security-review/cloud-infrastructure-security.md

@@ -195,7 +195,7 @@ jobs:
 
       # Scan for secrets
       - name: Secret scanning
-        uses: trufflesecurity/trufflehog@main
+        uses: trufflesecurity/trufflehog@6c05c4a00b91aa542267d8e32a8254774799d68d
 
       # Dependency audit
       - name: Audit dependencies
@@ -215,7 +215,7 @@ jobs:
 // package.json - Use lock files and integrity checks
 {
   "scripts": {
-    "install": "npm ci",  // Use ci for reproducible builds
+    "deps:install": "npm ci",  // Use ci for reproducible builds
     "audit": "npm audit --audit-level=moderate",
     "check": "npm outdated"
   }