Security

Use when reviewing work plans or implementation plans before execution - catches context gaps, ambiguous requirements, missing acceptance criteria

Red-team an LLM application against prompt injection and jailbreaks using a curated, categorized payload library and canary-based detection, then produce a resilience score. Use when the user asks to "test my chatbot for prompt injection", "check if my AI app is jailbreakable", "red-team my LLM", "evaluate prompt-injection defenses", or audit a system prompt's guardrails.

Decode and security-audit a JSON Web Token — flag alg=none, missing/excessive expiry, symmetric-alg confusion risk, missing claims — and attempt an offline HMAC secret crack against a wordlist to detect weak signing keys. Use when the user asks to "decode this JWT", "is this token secure?", "audit a JWT", or "check if this token uses a weak secret".

Audit a website's HTTP security headers and cookie flags — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP/COEP, version-leaking banners, and Secure/HttpOnly/SameSite cookies. Use when the user asks to "check my site's security headers", "audit HTTP headers", "is my CSP/HSTS configured right", or "scan a URL for header misconfigs".

Audit project dependencies for known-vulnerable versions and risky pinning. Parses requirements.txt and package.json, matches a bundled offline advisory DB, optionally queries OSV.dev live, and warns about unpinned versions. Use when the user asks to "check dependencies for vulnerabilities", "audit my requirements.txt / package.json", "scan for vulnerable packages", or "is my dependency tree secure".

Fibery integration. Manage Workspaces. Use when the user wants to interact with Fibery data.

Faraday integration. Manage data, records, and automate workflows. Use when the user wants to interact with Faraday data.

Faraday integration. Manage Organizations. Use when the user wants to interact with Faraday data.

Exabeam integration. Manage data, records, and automate workflows. Use when the user wants to interact with Exabeam data.

Everlaw integration. Manage data, records, and automate workflows. Use when the user wants to interact with Everlaw data.

Escape integration. Manage data, records, and automate workflows. Use when the user wants to interact with Escape data.

Eightfold integration. Manage data, records, and automate workflows. Use when the user wants to interact with Eightfold data.

Drata integration. Manage Controls, Standards, Objectives, Reports, Persons, Risks and more. Use when the user wants to interact with Drata data.

DNSFilter integration. Manage data, records, and automate workflows. Use when the user wants to interact with DNSFilter data.

Detectify integration. Manage Organizations. Use when the user wants to interact with Detectify data.

Cyclr integration. Manage data, records, and automate workflows. Use when the user wants to interact with Cyclr data.

Use when operating the vigolium CLI for web vulnerability scanning, security testing, traffic ingestion, server management, AI agent-driven scanning and code review, cloud-storage management, or writing custom JavaScript extensions. Invoke for scan commands, scan-url, scan-request, run, ingest, server, agent (query/autopilot/swarm/olium/piolium/audit/session), traffic browsing, database queries, storage uploads/downloads, module management, extension scripting, export, project management, and...

Core agent-browser usage guide. Read this before running any agent-browser commands. Covers the snapshot-and-ref workflow, navigating pages, interacting with elements (click, fill, type, select), extracting text and data, taking screenshots, managing tabs, handling forms and auth, waiting for content, running multiple browser sessions in parallel, and troubleshooting common failures. Use when the user asks to interact with a website, fill a form, click something, extract data, take a screensh...

Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.

Provides web vulnerability testing methodology distilled from 88,636 real-world cases from the WooYun vulnerability database (2010-2016). Use when performing penetration testing, security audits, code reviews for security flaws, or vulnerability research. Covers SQL injection, XSS, command execution, file upload, path traversal, unauthorized access, information disclosure, and business logic flaws.

Draft a single-vulnerability report in GitHub advisory style from an audit finding, bug note, patch diff, PoC, or code review evidence. Use when Codex needs to turn one confirmed security issue into a clean disclosure-ready report with the fixed section set — Summary; Severity, Confidence, Vulnerability Type; Impact; Affected Component; Source to Sink Flow; Vulnerable Code; Proof of concept & Evidence; Preconditions; Remediation — with embedded code snippets, explanatory prose that points to ...

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.

Identifies dependencies at heightened risk of exploitation or takeover. Use when assessing supply chain attack surface, evaluating dependency health, or scoping security engagements.

Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing compliance checks for protocol implementations.