Security

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.

Expert security auditor specializing in DevSecOps, comprehensive

A comprehensive security skill that integrates with Secure Flow to help AI coding agents write secure code, perform security reviews, and implement security best practices. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.

Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls.

Expert firmware analyst specializing in embedded systems, IoT

Specialized skill for Rails security, authorization, and data protection. Use when implementing Pundit policies, Lockbox encryption, Blind Index searches, authentication, secure configuration, or fixing security vulnerabilities. Includes security best practices and common pitfall prevention.

Java Spring Boot 服务中关于身份验证/授权、验证、CSRF、密钥、标头、速率限制和依赖安全的 Spring Security 最佳实践。

Team Mode security research skill. Orchestrates 3 vulnerability hunters and 2 PoC engineers to audit a codebase in parallel, prove exploitability, classify root causes, and calibrate severity by actual exploitability. Use for security review, vulnerability research, exploitability audit, pre-release security check, threat model validation, and `/security-research`. Triggers: 'security-research', 'security research', 'security review', 'vulnerability audit', 'exploitability audit', '보안 리뷰', '취...

Sécurité. Use when reviewing security, implementing auth, or hardening code.

Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.

Threat modeling methodologies (STRIDE, DREAD, PASTA, attack trees) for secure architecture design. Use when planning new systems, reviewing architecture security, identifying threats, or assessing risk. Triggers: threat modeling, threat model, STRIDE, DREAD, attack tree, attack surface, trust boundary, data flow diagram, DFD, threat analysis, risk assessment, adversary, threat actor, threat vector, mitigation, security architecture, attack scenario, vulnerability assessment, security posture,...

Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment processing, achieving PCI compliance, or implementing payment card security measures.

Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.

Unified brand compliance validation across visual, verbal, and legal dimensions.

Audit crypto wallet security including private key management and transaction signing. Use when auditing wallet security practices. Trigger with phrases like "audit wallet", "check security", or "verify signatures".

Execute threat modeling, vulnerability scanning, and security control validation.

This skill should be used when the user asks to "pentest WordPress sites", "scan WordPress for vulnerabilities", "enumerate WordPress users, themes, or plugins", "exploit WordPress vulnerabilities", or "use WPScan". It provides comprehensive WordPress security assessment methodologies.

Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use when analyzing protected binaries, bypassing anti-debugging for authorized analysis, or understanding software protection mechanisms.

Set up the Globalize CLI, create a translation project, and connect a GitHub or GitLab repository. Use this skill when the user asks to set up Globalize, install the Globalize CLI, authenticate with Globalize, or connect their project to the Globalize translation platform. Also use when the user mentions @globalize-now/cli-client or globalise-now-cli. This skill handles installation, authentication, project creation, and repository connection. For managing existing projects (glossaries, style...

Simulate web penetration testing for auth bypass, IDOR, privilege escalation, SSRF, rate-limit bypass, JWT attacks, API abuse, and business logic flaws.

Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program management, security control assessment, and compliance verification. Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support.

Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.

The company inlanfreitgh has contracted to perform web app assesments against one of their public-facing website. In light of a recent breach of one of their main competitors, they are particulary concerned with SLQ injection vulnerability and the damaga dicovery ans susscessful explotation of this attack could do to their public image and bottom line.

Systematic methodology for developing reliable exploits from vulnerability discovery to weaponization