Loading...
Loading...
Found 64 Skills
Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.
Analiza cambios staged en git para detectar bugs, vulnerabilidades de seguridad, malas prácticas, y genera descripciones detalladas de commits con mensaje en formato Conventional Commits. Usa este skill siempre que el usuario quiera revisar cambios antes de commitear o pushear, analizar un diff staged, detectar bugs o malas prácticas en código que está por commitear, generar un mensaje o descripción de commit, o hacer code review previo al commit. Se activa con frases como "revisá mis cambios staged", "analiza mi commit", "qué bugs tiene lo que cambié", "generame el mensaje de commit", "review antes de push", "detecta errores en mis cambios", "haceme un análisis antes de commitear", o "necesito una descripción para mi commit". NO usar para: code review de archivos sueltos sin contexto de commit, configurar linters, escribir tests, debugging de producción, o crear código nuevo. Este skill es específicamente para el momento previo al commit.
Scans code for security vulnerabilities — injection flaws, authentication gaps, XSS vectors, mass assignment, CSRF, insecure deserialization, sensitive data exposure, broken access control, and misconfigurations. Generates severity-scored findings with copy-pasteable fix prompts. Trigger phrases: "security scan", "security audit", "vulnerability check", "find security issues".
Run Trivy to scan container images for OS and library vulnerabilities, misconfigurations, and secrets. Comprehensive multi-target security scanner.
Continuous repository security scanning and release gating. Triggers: "security scan", "security audit", "pre-release security", "run scanners", "check vulnerabilities".
Sentry-specific security review based on real vulnerability history. Use when reviewing Sentry endpoints, serializers, or views for security issues. Trigger keywords: "sentry security review", "check for IDOR", "access control review", "org scoping", "cross-org", "security audit endpoint".
This skill should be used when the user asks to "audit this codebase", "audit this code", "security audit", "code audit", "find vulnerabilities", "check for bugs", "review code quality", "find dead code", "check for anti-patterns", "performance audit", "check for code smells", "technical debt", or "code health check".
Professional Skills and Methodologies for Secure Code Review
Security vulnerability detection and variant analysis skill. Use when hunting for dangerous APIs, footgun patterns, error-prone configurations, and vulnerability variants across codebases. Combines sharp edges detection with variant hunting methodology.
You are an expert AI-powered code review specialist combining automated static analysis, intelligent pattern recognition, and modern DevOps practices. Leverage AI tools (GitHub Copilot, Qodo, GPT-5, C
Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase.
Execute this skill enables AI assistant to conduct a security-focused code review using the security-agent plugin. it analyzes code for potential vulnerabilities like sql injection, xss, authentication flaws, and insecure dependencies. AI assistant uses this skill wh... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.