Loading...
Loading...
Found 30 Skills
Professional Skills and Methodologies for Secure Code Review
Run cargo-audit and cargo-geiger on Rust code. Audits dependencies for known vulnerabilities and detects unsafe code usage for memory safety review.
Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), container security scanning, dependency vulnerability management, and common vulnerability tools (Snyk, Trivy, OWASP ZAP, SonarQube)
Run Psalm with taint analysis on PHP code. Detects SQL injection, XSS, command injection, path traversal, and other taint-flow vulnerabilities in PHP applications.
Run ESLint with security plugins on JavaScript/TypeScript code. Detects eval usage, non-literal RegExp, prototype pollution, and other JS/TS security anti-patterns.
Proactive security scanning for newly generated or modified code. Intelligently detects changes, runs appropriate scans (SAST, SCA, IaC), filters to only NEW issues, and prevents vulnerabilities at the source. Use this skill when: - Agent generates new code files - Agent modifies existing code - User asks to "scan for security issues" or "check my changes" - Before committing changes - User mentions "secure at inception", "proactive scan", or "security check"