Total 30,612 skills, Security & Compliance has 1085 skills
Showing 12 of 1085 skills
ISO 27001 Gap Analyzer - Auto-activating skill for Security Advanced. Triggers on: iso27001 gap analyzer, iso27001 gap analyzer. Part of the Security Advanced skill category.
Ensure every critical action is logged (vital for UAG/Trust Room).
Agent skill for security-manager - invoke with $agent-security-manager
Pre-commit security validation and secret detection. Runs gitleaks scan and validates configuration, integrates with pre-commit hooks to prevent credential leaks. Use when user mentions scanning for secrets, gitleaks, secret detection, credential scanning, pre-commit security, or .gitleaks.toml.
Risk Assessment Creator - Auto-activating skill for Enterprise Workflows. Triggers on: risk assessment creator, risk assessment creator. Part of the Enterprise Workflows skill category.
Implement security scanning, vulnerability detection, and compliance checks. Use when working with security audits, dependency vulnerabilities, secret detection, CodeQL scanning, SAST/DAST tools, or security best practices. Handles threat modeling and security hardening.
Security audit for vulnerabilities, compliance issues, and sensitive data exposure. Use before production deployments or when reviewing security-sensitive code.
Audits security and supply-chain risk between two git refs (pre-release security audit).
Identify security misconfigurations in infrastructure-as-code, application settings, and system configurations. Use when you need to audit Terraform/CloudFormation templates, check application config files, validate system security settings, or ensure compliance with security best practices. Trigger with phrases like "find security misconfigurations", "audit infrastructure security", "check config security", or "scan for misconfigured settings".
Guide to review incoming one-way (unilateral) commercial NDAs in a jurisdiction-agnostic way, from either a Recipient or Discloser perspective (user-selected), producing a clause-by-clause issue log with preferred redlines, fallbacks, rationales, owners, and deadlines.
Validate CORS policies for security issues and misconfigurations. Use when reviewing cross-origin resource sharing. Trigger with 'validate CORS', 'check CORS policy', or 'review cross-origin'.
Apply Supabase security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Supabase security configuration. Trigger with phrases like "supabase security", "supabase secrets", "secure supabase", "supabase API key security".