Loading...
Loading...
Found 153 Skills
Systematically testing web applications for broken access control vulnerabilities including privilege escalation, missing function-level checks, and insecure direct object references.
Professional Skills and Methodologies for Secure Code Review
Run a comprehensive security review on code
Security testing patterns including SAST, DAST, penetration testing, and vulnerability assessment techniques. Use when implementing security testing pipelines, conducting security audits, or validating application security controls.
Env Secret Detector - Auto-activating skill for Security Fundamentals. Triggers on: env secret detector, env secret detector Part of the Security Fundamentals skill category.
LLM guardrails with NeMo, Guardrails AI, and OpenAI. Input/output rails, hallucination prevention, fact-checking, toxicity detection, red-teaming patterns. Use when building LLM guardrails, safety checks, or red-team workflows.
API testing and contract validation across REST (OpenAPI 3.1), GraphQL (SDL), and gRPC (proto). Use when you need schema linting/validation, breaking-change detection (openapi diff, GraphQL schema diff, buf breaking), consumer/provider contract tests (Pact or schema-driven), negative/security testing, and CI quality gates.
Example security audit skill demonstrating how to audit code for security vulnerabilities. Use when the user asks to perform security reviews, check for vulnerabilities, or audit code security.
[Architecture] Use when reviewing code for security vulnerabilities, implementing authorization, or ensuring data protection.
Authentication and security patterns for EFT-Tracker using NextAuth. Covers password reset, session management, CSRF protection, and security reviews. Activates when user mentions: auth, authentication, password, NextAuth, session, security, login, logout, CSRF, rate limit, token, JWT.
Comprehensive security audit of codebase using multiple security-auditor agents. Use before production deployments or after major features.
Identify security vulnerabilities and anti-patterns providing feedback on security issues a senior developer would catch. Use when user mentions security/vulnerability/safety concerns, code involves user input/authentication/data access, working with sensitive data (passwords/PII/financial), code includes SQL queries/file operations/external API calls, user asks about security best practices, or security-sensitive files are being modified (auth, payment, data access).