Loading...
Loading...
Found 18,993 Skills
This skill should be used when the user asks to "create threat model", "threat model architecture", "map security architecture", "build threat model", "STRIDE analysis", "data flow diagram", "DFD security", or "attack tree analysis". Also triggers when the user wants a systematic identification of threats against the application architecture, trust boundaries, data flows, or component interactions.
This skill should be used when the user asks to "explain security concept", "what is OWASP", "explain this finding", "what does this vulnerability mean", "explain stride", "explain injection", "what is CSRF", "explain spoofing", "what does INJ-003 mean", "compare stride vs pasta", or asks any question about security terminology, frameworks, vulnerability categories, or specific findings. Works at framework, category, finding, and comparison levels.
This skill should be used when the user asks to "check for SSRF", "analyze server-side request forgery", "find URL fetching vulnerabilities", "check for internal network access", or mentions "SSRF", "URL fetching", "cloud metadata", "169.254.169.254", or "request forgery" in a security context. Maps to OWASP Top 10 2021 A10: Server-Side Request Forgery.
This skill should be used when the user asks to "simulate attacks", "build attack trees", "model exploit chains", "score exploitability", or is running PASTA stage 6. Also triggers when the user asks about attack scenarios, red team simulation, DREAD scoring, or detection gap analysis in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 6 of 7).
This skill should be used when the user asks to "check for cryptographic issues", "analyze encryption", "find weak hashing", "audit password storage", "check for hardcoded keys", or mentions "cryptography", "encryption", "hashing", "TLS", "certificates", or "random number generation" in a security context. Maps to OWASP Top 10 2021 A02: Cryptographic Failures.
This skill should be used when performing AI-powered mutation testing to evaluate and improve unit test quality. It generates targeted code mutants, runs tests to identify surviving mutants, and strengthens or creates tests to kill them. Accepts a file path, directory, or defaults to git diff changed files.
This skill should be used when the user asks to "check for non-repudiation privacy risks", "analyze excessive audit logging", "find privacy issues related to accountability", "check for forced identity linking", or mentions "non-repudiation" in a privacy context. Maps to LINDDUN category N. This is the INVERSE of STRIDE repudiation -- here too much proof is the threat.
This skill should be used when the user asks to "harden code", "security hardening", "improve security posture", "add security headers", "tighten security", "defensive coding suggestions", or "proactive security improvements". Also triggers when the user asks about CSP, CORS hardening, rate limiting, input validation improvements, security logging, or defense-in-depth measures.
This skill should be used when you need to create, open, or edit a pull request (PR), or the user asks to "create a PR", "open a PR", "submit a PR", "raise a PR", "file a PR", "make a PR", "create a pull request", "open a pull request", "new PR", or any variation requesting GitHub pull request creation.
Use this skill to process bot review feedback on a pull request (for example coderabbitai and chatgpt-codex-operator). Invoke when bot comments arrive and the user wants triage, decision making, and implementation of required fixes.
Expert Suno AI prompt engineering for cinematic, transformative music creation. Use this skill when creating Suno prompts for Vibe OS sessions, meditation tracks, or any AI-generated music that needs professional quality and emotional resonance.
Cloud & AI FinOps advisory skill. Structured cost optimization using the FinOps Foundation framework. Covers AWS, Azure, GCP, OCI, AI inference, and data platforms (Databricks, Snowflake). Use for: cloud costs, cost optimization, cloud spend, AI costs, cloud bill, FinOps assessment, GreenOps, right-sizing, commitment strategy, tagging governance.