Loading...
Loading...
Found 37 Skills
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE), threat model selection, and operational timelines before any offensive testing begins.
Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage, and unprotected data transmission during security assessments.
Reviews Forge apps for security vulnerabilities, architecture issues, cost inefficiencies, performance problems, and trigger/scheduling waste before deployment. Use when the user says "review my Forge app", "check my app", "pre-deploy check", "is my app ready to deploy", "audit my Forge app", "check for security issues", "check performance", "review manifest", "check my Forge app for problems", "app review", "optimize my Forge app costs", "reduce invocations", "why is my app expensive", "check my triggers", or any request to evaluate a Forge app's quality, safety, cost efficiency, or readiness. Also triggers when users ask about Forge best practices, permission scopes, resolver optimization, storage efficiency, cold start reduction, frontend offloading, trigger filtering, scheduled trigger frequency, N+1 API calls, bulk API usage, verbose logging, or Forge platform pricing.
Validate CORS policies for security issues and misconfigurations. Use when reviewing cross-origin resource sharing. Trigger with 'validate CORS', 'check CORS policy', or 'review cross-origin'.
Load PROACTIVELY when task involves reviewing code, auditing quality, or validating implementations. Use when user says "review this code", "check this PR", "audit the codebase", or "score this implementation". Covers the 10-dimension weighted scoring rubric (correctness, security, performance, architecture, testing, error handling, type safety, maintainability, accessibility, documentation), automated pattern detection for anti-patterns, and structured review output with actionable findings.
Review code through hostile perspectives to find bugs, security issues, and unintended consequences the author missed. Use when reviewing PRs, auditing codebases, or before critical deployments.
Comprehensive pentesting toolkit using Kali Linux Docker container. Provides direct access to 200+ security tools without MCP overhead. Use when conducting security assessments, penetration testing, vulnerability scanning, or security research. Works via direct docker exec commands for maximum efficiency.
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about inject...
CEO/founder-mode plan review. Rethink the problem, find the 10-star product, challenge premises, expand scope when it creates a better product. Three modes: SCOPE EXPANSION (dream big), HOLD SCOPE (maximum rigor), SCOPE REDUCTION (strip to essentials).
Scan systems and dependencies for CVEs and security vulnerabilities. Use tools like Nessus, OpenVAS, and Qualys to identify and prioritize vulnerabilities. Use when performing security assessments, compliance scanning, or vulnerability management.
Techniques to test and bypass AI safety filters, content moderation systems, and guardrails for security assessment
Conduct threat modeling using STRIDE methodology. Identify threats, assess risks, and design security controls. Use when designing secure systems or assessing application security.