Loading...
Loading...
Found 2,246 Skills
Guides technical program management for security coordinated vulnerability disclosure (CVD)— disclosure policy, intake and triage SLAs, researcher coordination, fix/remediation tracking, embargo and publication timelines, CVE/advisory coordination, bug bounty program operations, and cross-functional gates (security engineering, legal, comms, product). Use when running a CVD or responsible disclosure program, disclosure calendar, bounty ops, or unblocking multi-team remediation for reported vulnerabilities—not for hands-on pentest (offensive-security-analyst), SOC triage (defensive-security-analyst), vuln scanning in CI (devsecops), enterprise security strategy (cybersecurity), generic non-security programs (technical-program-manager), or contract redlines (commercial-counsel).
Handle security incidents with IR playbooks and procedures. Implement detection, containment, eradication, and recovery processes. Use when responding to security events or building incident response capabilities.
Battle-tested security checks for AI coding assistants — 29 categories covering OWASP Top 10, CWE Top 25, and ASVS Level 3
Recognize and report malicious software distribution repositories masquerading as legitimate security tools
Identify, analyze, and report malicious software distribution repositories masquerading as legitimate security tools
Comprehensive code review skill for TypeScript, JavaScript, Python, Swift, Kotlin, Go. Includes automated code analysis, best practice checking, security scanning, and review checklist generation. Use when reviewing pull requests, providing code feedback, identifying issues, or ensuring code quality standards.
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.
Compare two security audit reports to track remediation progress and identify new vulnerabilities.
Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks. Masters vulnerability assessment, threat modeling, secure authentication (OAuth2/OIDC), OWASP standards, cloud security, and security automation. Handles DevSecOps integration, compliance (GDPR/HIPAA/SOC2), and incident response. Use PROACTIVELY for security audits, DevSecOps, or compliance implementation.
Guidance for identifying and fixing security vulnerabilities in code. This skill should be used when asked to fix security issues, address CVEs or CWEs, remediate vulnerabilities like injection attacks (SQL, command, CRLF, XSS), or when working with failing security-related tests.
Guidelines for developing with Deno and TypeScript using modern runtime features, security model, and native tooling
NestJS best practices and patterns for building scalable, maintainable backend applications. This skill should be used when writing, reviewing, or refactoring NestJS code to ensure proper architecture, security, performance, and code quality. Triggers on tasks involving NestJS modules, controllers, services, guards, pipes, middleware, Prisma database operations, authentication, or any NestJS-specific patterns.