Found 20 Skills
Implements CSRF protection using synchronizer tokens, double-submit cookies, and SameSite attributes. Use when securing web forms, protecting state-changing endpoints, or implementing defense-in-depth authentication.
This skill should be used when the user asks to "harden code", "security hardening", "improve security posture", "add security headers", "tighten security", "defensive coding suggestions", or "proactive security improvements". Also triggers when the user asks about CSP, CORS hardening, rate limiting, input validation improvements, security logging, or defense-in-depth measures.
Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.
Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls.
ALWAYS use before attempting any fix. Never jump to solutions - investigate root cause first. Use when encountering any technical issue, bug, test failure, or unexpected behavior.
Multi-layer validation pattern - validates data at EVERY layer it passes through to make bugs structurally impossible, not just caught.
Defense-in-depth verification before declaring any task complete. Run tests, check build, validate changed files, verify no regressions. Applies 4-level adversarial artifact verification (EXISTS > SUBSTANTIVE > WIRED > DATA FLOWS) with goal-backward framing. Use before saying "done", "fixed", or "complete" on any code change. Use for "verify", "make sure it works", "check before committing", or "validate changes". Do NOT use for debugging (use systematic-debugging) or code review (use systematic-code-review).
The drum sounds. Spider, Raccoon, and Turtle gather for complete security work. Use when implementing auth, auditing security, or hardening code end-to-end.