Found 47 Skills
Security analysis, vulnerability assessment, and security code reviews
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE), threat model selection, and operational timelines before any offensive testing begins.
Deep codebase analysis for building architectural context before vulnerability or bug finding. Uses line-by-line analysis with First Principles, 5 Whys, and 5 Hows. Use when deep comprehension is needed before security auditing, architecture review, or threat modeling.
Chief Security Officer mode. Infrastructure-first security audit: secrets archaeology, dependency supply chain, CI/CD pipeline security, LLM/AI security, skill supply chain scanning, plus OWASP Top 10, STRIDE threat modeling, and active verification. Two modes: daily (zero-noise, 8/10 confidence gate) and comprehensive (monthly deep scan, 2/10 bar). Trend tracking across audit runs. Use when: "security audit", "threat model", "pentest review", "OWASP", "CSO review". (gstack) Voice triggers (speech-to-text aliases): "see-so", "see so", "security review", "security check", "vulnerability scan", "run security".
Hipaa Audit Helper - Auto-activating skill for Security Advanced. Triggers on: hipaa audit helper, hipaa audit helper. Part of the Security Advanced skill category.
Kubernetes Rbac Analyzer - Auto-activating skill for Security Advanced. Triggers on: kubernetes rbac analyzer, kubernetes rbac analyzer. Part of the Security Advanced skill category.
Security architecture and threat modeling. OWASP Top 10 analysis, security pattern implementation, vulnerability assessment, and security review for code and infrastructure.
Iso27001 Gap Analyzer - Auto-activating skill for Security Advanced. Triggers on: iso27001 gap analyzer, iso27001 gap analyzer. Part of the Security Advanced skill category.
Cloud Security Posture - Auto-activating skill for Security Advanced. Triggers on: cloud security posture, cloud security posture. Part of the Security Advanced skill category.
Hardens designs and implementations with structured security reviews.
Authentication and authorization including JWT, OAuth2, OIDC, sessions, RBAC, and security analysis. Activate for login, auth flows, security audits, threat modeling, access control, and identity management.
This skill should be used when the user asks to "run PASTA analysis", "PASTA threat model", "risk-centric threat analysis", or invokes /appsec:pasta. Dispatches 7 stages SEQUENTIALLY -- each stage's output feeds the next. This is the ONLY framework that runs sequentially.