Found 15 Skills
Run all security scanners against the project and produce a unified, severity-bucketed report. Orchestrates gitleaks (secrets), osv-scanner/trivy (dependency vulns), semgrep (static analysis), context-file injection scanner (built-in), and repo hygiene checks (built-in). Missing scanners are skipped with install hints — the scan always completes. Triggers on: 'security check', 'security scan', 'run security', 'scan for secrets', 'check for vulnerabilities', 'security audit', 'audit dependencies', 'check secrets', 'find vulnerabilities', 'scan codebase'.
Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage, and unprotected data transmission during security assessments.
Systematic 4-phase codebase exploration: Detect, Explore, Map, Summarize. Use when starting work on an unfamiliar codebase, onboarding to a new project, reviewing a repository for the first time, or building context before debugging or code review. Use for "explore codebase", "what does this project do", "understand architecture", or "onboard me". Do NOT use for modifying files, running applications, performance optimization, or deep domain analysis.