Found 20 Skills
Identify security vulnerabilities and anti-patterns, providing feedback on security issues a senior developer would catch. Use when the user mentions security/vulnerability/safety concerns, code involves user input/authentication/data access, working with sensitive data (passwords/PII/financial), code includes SQL queries/file operations/external API calls, the user asks about security best practices, or security-sensitive files are being modified (auth, payment, data access).
Battle-tested security checks for AI coding assistants — 29 categories covering OWASP Top 10, CWE Top 25, and ASVS Level 3
Threat modeling methodologies (STRIDE, PASTA, LINDDUN), attack tree analysis, common attack patterns (OWASP Top 10, CWE), risk assessment frameworks, and security architecture patterns
Plans security penetration tests for web applications. Analyzes codebase, API routes, auth implementation, and infrastructure config to generate comprehensive pentest plans. For authorized testing only.
Expert in application security, OWASP Top 10, authentication, authorization, data protection, and security best practices for React, Next.js, and NestJS applications
Web application security expert. OWASP Top 10, XSS, SQLi, CSRF, SSRF, authentication bypass, IDOR. Use for web app security testing.
Perform a systematic security audit of a codebase, checking for OWASP Top 10 vulnerabilities, secrets exposure, and insecure patterns.
Security vulnerability scanner for any application. Use proactively and aggressively whenever the user asks to review code, perform a security audit, scan for vulnerabilities, look for application improvements, harden security, check for OWASP issues, find secrets, or assess risk. Triggers on phrases like code review, security review, audit, vulnerability, OWASP, CVE, improve security, find issues, look for improvements, secure code, pentest, threat model, harden app, audit deps. If the working directory is empty, ask for a GitHub URL and clone with gh before analyzing. Aligned to OWASP Top 10:2025. Writes a structured report to audit/<YYYY-MM-DD>/report.md in the project root.