Total 50,504 skills; Security & Compliance has 1,972 skills
Showing 12 of 1,972 skills
Query federation audit logs with compliance filtering
Scan project dependencies for known vulnerabilities and CVEs
Use when assessing AI/ML systems for prompt injection, jailbreak vulnerabilities, model inversion risk, data poisoning exposure, or agent tool abuse. Covers MITRE ATLAS technique mapping, injection signature detection, and adversarial robustness scoring.
Reference for Auth0 CLI commands — apps, apis, users, roles, organizations, actions, logs, custom domains, universal-login, terraform, raw API mode, and --json output. Use this skill whenever you need to run Auth0 CLI commands to create or manage applications, APIs, users, roles, organizations, actions, log streams, custom domains, or Universal Login configuration, or when you need to call the Auth0 Management API directly. Trigger on prompts like "create an Auth0 app", "list my Auth0 users", "assign a role", "set up an organization", "deploy an action", "configure a custom domain", "generate Terraform for Auth0", "stream Auth0 logs", "call the Management API", or any task involving the auth0 CLI tool.
AI/LLM application security testing — prompt injection, jailbreaking, data exfiltration, and insecure output handling per OWASP LLM Top 10.
Scan project dependencies for CVEs, outdated packages, and license compliance across npm, pip, cargo, go, maven, and other ecosystems. Use for vulnerability scanning, SBOM generation, supply chain analysis, and automated dependency updates.
KnowBe4 integration. Manage Users, Roles, Organizations, Persons, Groups, Campaigns and more. Use when the user wants to interact with KnowBe4 data.
Secure Code Warrior integration. Manage data, records, and automate workflows. Use when the user wants to interact with Secure Code Warrior data.
Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they should not have access to by including additional parameters in API requests. The tester identifies writable endpoints, adds undocumented fields to request bodies (role, isAdmin, price, balance), and checks if the server binds these to the data model without filtering. Part of OWASP API3:2023 Broken Object Property Level Authorization. Activates for requests involving mass assignment testing, parameter binding abuse, auto-binding vulnerability, or API over-posting.
Financial regulatory knowledge base — A-shares (10% / 5% ST price limits, T+1 settlement, short-selling rules, new delisting rules), HK (T+0 short-selling, no price limits, odd-lot / grey market, profit test, insider dealing ordinance), US (PDT rule $25k threshold, Reg T margin, circuit breakers, SEC rules), crypto regulation, cross-border tax basics. Triggers: "监管规则", "涨跌停", "T+1", "融券", "退市", "做空规则", "PDT规则", "熔断", "保证金", "印花税", "監管規則", "漲跌停", "融券", "退市", "做空規則", "PDT規則", "熔斷", "保證金", "印花稅", "regulatory rules", "circuit breaker", "short selling rules", "PDT rule", "margin requirements", "stamp duty", "delisting rules", "trading rules", "settlement rules".
Security review and penetration testing: evaluate your application against OWASP Top 10, authentication security, HTTP headers, CORS, CSP, supply chain risks, and common attack vectors with browser-based validation.
Guides structured security log analysis across authentication, network, endpoint, and cloud audit log sources. Auto-invoked when the user shares log data, asks about suspicious events, needs help interpreting Windows Event IDs or Linux auth logs, or is establishing baselines for anomaly detection. Produces log source taxonomy, anomaly identification, baseline recommendations, and correlation findings mapped to MITRE ATT&CK v16 techniques.