Loading...
Loading...
Found 47 Skills
This skill should be used when the user asks to "calculate risk scores", "prioritize mitigations", "generate remediation roadmap", "analyze business impact", or is running PASTA stage 7. Also triggers when the user asks about risk-weighted findings, compliance gap analysis, or executive security summary in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 7 of 7).
This skill should be used when the user asks to "simulate attacks", "build attack trees", "model exploit chains", "score exploitability", or is running PASTA stage 6. Also triggers when the user asks about attack scenarios, red team simulation, DREAD scoring, or detection gap analysis in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 6 of 7).
Analyze code changes for security vulnerabilities using LLM reasoning and threat model patterns. Use for PR reviews, pre-commit checks, or branch comparisons.
Expert application security engineer specializing in threat modeling, vulnerability assessment, secure code review, and security architecture design for modern web and cloud-native applications.
Write a blueprint (plan file) for a multi-step task (Step 3 of /task). Runs one brainstorming round then writes ai-workspace/plans/<name>.md from TEMPLATE.md. Skipped for one-sentence scope. Does NOT review — that is /review (Step 4).
/cs:ciso-review <plan> — Risk-paranoid interrogation of any plan that touches data, compliance, or production access.
Certificate Lifecycle Manager - Auto-activating skill for Security Advanced. Triggers on: certificate lifecycle manager, certificate lifecycle manager Part of the Security Advanced skill category.
Log Analysis Security - Auto-activating skill for Security Advanced. Triggers on: log analysis security, log analysis security Part of the Security Advanced skill category.
This skill should be used when the user asks to "explain security concept", "what is OWASP", "explain this finding", "what does this vulnerability mean", "explain stride", "explain injection", "what is CSRF", "explain spoofing", "what does INJ-003 mean", "compare stride vs pasta", or asks any question about security terminology, frameworks, vulnerability categories, or specific findings. Works at framework, category, finding, and comparison levels.
Security Benchmark Runner - Auto-activating skill for Security Advanced. Triggers on: security benchmark runner, security benchmark runner Part of the Security Advanced skill category.
Security skill for threat modeling, secure defaults, and security-focused code review in generic software projects.