Loading...
Loading...
Found 2,961 Skills
Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google Cloud Functions) through event source poisoning, malicious layer injection, runtime command execution, and IAM privilege escalation via function modification. The analyst combines static analysis of function code, CloudTrail event correlation, runtime behavior monitoring, and IAM policy auditing to identify injection vectors across the expanded serverless attack surface including API Gateway, S3, SQS, DynamoDB Streams, and CloudWatch event triggers. Activates for requests involving Lambda security assessment, serverless injection detection, function event poisoning analysis, or serverless privilege escalation investigation.
[user] Perform security inspection and monitoring for Alibaba Cloud DDoS security products, covering DDoS Basic Protection, DDoS Native Protection, and DDoS Anti-DDoS Pro/Premium. Supports querying blackhole/scrubbing events, QPS spikes/drops, L4 traffic anomalies, HTTP status code (4xx/5xx) period-over-period surges, origin status code anomalies, and instance asset inventory. Use this Skill when users need security inspection, DDoS protection status checks, attack event queries, traffic anomaly investigation, or to confirm whether DDoS security products are provisioned. Triggers: "DDoS inspection", "security check", "DDoS protection check", "attack event query", "traffic anomaly"
Guideline for designing, implementing, and verifying secure TypeScript and JavaScript applications following OWASP Top 10 best practices. Use when the user wants to: (1) review TypeScript or JavaScript code for security vulnerabilities, (2) design a secure Node.js, Deno, or browser application architecture, (3) implement security features (authentication, authorization, cryptography, input validation), (4) audit npm/yarn/pnpm dependencies for known vulnerabilities, (5) create security checklists or verification plans, (6) fix security bugs or harden existing TypeScript or JavaScript code, (7) set up security testing and static analysis (ESLint security plugins, Semgrep, Snyk), or (8) handle any TypeScript/JavaScript security concern including injection prevention, prototype pollution, XSS protection, SSRF prevention, secrets management, and secure deployment.
Guideline for designing, implementing, and verifying secure APIs following OWASP API Security Top 10 (2023) best practices. Use when the user wants to: (1) review API code or design for security vulnerabilities, (2) design a secure REST, GraphQL, or gRPC API architecture, (3) implement API authentication and authorization (OAuth2, JWT, API keys, mTLS), (4) configure rate limiting, input validation, or CORS, (5) audit API endpoints for BOLA, BFLA, or mass assignment vulnerabilities, (6) create API security checklists or verification plans, (7) fix API security bugs or harden existing APIs, (8) set up API security testing (OWASP ZAP, Schemathesis, Burp Suite), or (9) handle any API security concern including SSRF prevention, resource consumption limits, business flow protection, API inventory management, and secure third-party API consumption.
Activate when reviewing or modifying dependency resolution, lockfile schema, package downloaders, signature/integrity checks, file integration cleanup, or anything that could expose APM to dependency confusion, typosquatting, malicious packages, or token leakage.
Secure REST APIs with authentication, rate limiting, CORS, input validation, and security middleware. Use when building or hardening API endpoints against common attacks.
Implement comprehensive cloud security across AWS, Azure, and GCP with IAM, encryption, network security, compliance, and threat detection.
Comprehensive Docker security guidelines and threat mitigation strategies
Professional Skills and Methodologies for API Security Testing
Creates repeatable security review checklist for PRs with required checks, common pitfalls, and automated gating. Use for "security review", "PR checklist", "code review", or "security gates".
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.
Focus on code security auditing, vulnerability identification and permission compliance checks.