Loading...
Loading...
Found 19 Skills
GitHub Actions security review for workflow exploitation vulnerabilities. Use when asked to "review GitHub Actions", "audit workflows", "check CI security", "GHA security", "workflow security review", or review .github/workflows/ for pwn requests, expression injection, credential theft, and supply chain attacks. Exploitation-focused with concrete PoC scenarios.
Audits project dependencies for license compliance, maintenance health, security vulnerabilities, and bloat. Analyzes both direct and transitive dependency trees, detects abandoned packages, identifies license conflicts (copyleft, unknown), checks for known CVEs, and finds unused or duplicate dependencies. Triggers on: "audit dependencies", "dependency check", "license check", "dependency health", "abandoned packages", "bloat check", "unused dependencies", "security audit dependencies", "dependency review", "license compliance", "package audit", "supply chain", "dependency risk". Use this skill when reviewing project dependencies for risk.
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
Expert at package management and supply chain security. Use when managing dependencies, updating packages, resolving version conflicts, ensuring supply chain security, or auditing vulnerabilities in project dependencies.
Modern security standards including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection
Run Confused and GuardDog to detect dependency confusion and typosquatting risks. Checks if internal package names exist on public registries and identifies malicious packages.
OWASP Top 10:2025 security vulnerabilities. Covers access control, injection, supply chain, cryptographic failures, and more. Use for security reviews. USE WHEN: user mentions "OWASP 2025", "Top 10", "security review", "vulnerability assessment", asks about "broken access control", "injection", "supply chain", "cryptographic failures", "exception handling" DO NOT USE FOR: general OWASP (2021) - use `owasp` instead, secrets - use `secrets-management`, dependencies - use `supply-chain`