Found 38 Skills
Professional Skills and Methodologies for XXE (XML External Entity) Injection Testing
Professional Skills and Methodologies for Deserialization Vulnerability Testing
Use when user needs Active Directory security analysis, privileged group design review, authentication policy assessment, or delegation and attack surface evaluation across enterprise domains.
Professional Skills and Methodologies for Insecure Direct Object Reference (IDOR) Testing
Penetration testing methodology expert. OWASP, PTES, reconnaissance, scanning, exploitation, reporting. Use for security assessments.
Run Prowler for comprehensive cloud security posture assessment. Audits AWS, Azure, and GCP against CIS Benchmarks, PCI-DSS, HIPAA, GDPR, and other compliance frameworks.
Use after implementing features - 7-criteria code review with MANDATORY artifact posting to GitHub issue; blocks PR creation until complete
Scan systems and dependencies for CVEs and security vulnerabilities. Use tools like Nessus, OpenVAS, and Qualys to identify and prioritize vulnerabilities. Use when performing security assessments, compliance scanning, or vulnerability management.
Techniques to test and bypass AI safety filters, content moderation systems, and guardrails for security assessment
Validate CORS policies for security issues and misconfigurations. Use when reviewing cross-origin resource sharing. Trigger with 'validate CORS', 'check CORS policy', or 'review cross-origin'.
Review code through hostile perspectives to find bugs, security issues, and unintended consequences the author missed. Use when reviewing PRs, auditing codebases, or before critical deployments.
Security assessment skill for reconnaissance, endpoint/service enumeration, and attack-surface mapping. Use when prompts include recon, enumerate, map endpoints, discover assets, inventory interfaces, fingerprint technologies, or identify control-plane surfaces. Do not use when the request is exploit development, payload execution, or final report writing only.