Loading...
Loading...
Found 48 Skills
Configure HTTP security headers including CSP, HSTS, X-Frame-Options, and XSS protection. Use when hardening web applications against common attacks.
Advanced Content Security Policy bypass techniques. Use when XSS or data exfiltration is blocked by CSP and you need to find policy weaknesses, trusted endpoint abuse, nonce leakage, or exfiltration channels that CSP cannot block.
**CONTENT SECURITY POLICY (CSP) GUIDE** — Assist with configuring Syncfusion ASP.NET Core EJ2 components to work with strict Content Security Policy (CSP) headers. Use when: implementing CSP headers, generating and applying nonces to inline scripts/styles, configuring external font allowlists, or troubleshooting CSP violations.
MUST activate when the project contains a uiBundles/*/src/ directory and scaffolding a new UI bundle or app, or when editing ui-bundle.json, .uibundle-meta.xml, or CSP trusted site files. Use this skill when scaffolding with sf template generate ui-bundle, configuring ui-bundle.json (routing, headers, outputDir), or registering CSP Trusted Sites. Activate when the task involves files matching *.uibundle-meta.xml, ui-bundle.json, or cspTrustedSites/*.cspTrustedSite-meta.xml.
Clickjacking playbook. Use when testing whether target pages can be framed, whether X-Frame-Options or CSP frame-ancestors are properly configured, and whether UI redress attacks can trigger sensitive actions.
This skill should be used when users encounter cspell unknown word warnings, spelling errors from cspell diagnostics, or CI/linting failures on unrecognized words. Also applies when users ask to add words to the cspell dictionary, suppress or ignore cspell warnings, choose between cspell:words and cspell:ignore directives, or bootstrap cspell config in a new project
Guides cloud compliance—mapping SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP, and data-residency requirements to cloud controls; collecting audit evidence from AWS, GCP, and Azure APIs; shared-responsibility narratives; CSPM/Config continuous monitoring; customer assurance questionnaires (CAIQ/SIG); and cloud-specific gap remediation before attestations. Use when scoping regulated workloads in cloud, preparing cloud control evidence for auditors, interpreting provider compliance artifacts (BAA, PCI AOC, FedRAMP packages), or proving residency and logging in multi-account estates—not for org-wide GRC programs and audit coordination without cloud evidence (compliance-specialist), non-cloud systems evidence automation (compliance-engineer), implementing security guardrails (cloud-security-engineer), legal DPAs or contract redlines (commercial-counsel), security strategy (cybersecurity), or CI pipeline gates only (devsecops).
Write CSP-compatible Alpine.js components for Hyvä themes in Magento 2. This skill should be used when the user wants to create Alpine components, add interactivity to Hyvä templates, write JavaScript for Hyvä themes, or needs help with Alpine.js patterns that work with Content Security Policy. Trigger phrases include "create alpine component", "add interactivity", "alpine for hyva", "x-data component", "csp compatibility", "csp compliant javascript".
This skill provides expert-level guidance for implementing VS Code WebView features. Use when creating WebView panels, implementing secure CSP policies, handling Extension-WebView communication, managing WebView state persistence, optimizing WebView performance, or debugging WebView rendering issues. Covers security best practices, message protocols, and VS Code-specific WebView patterns.
This skill should be used when the user asks to "harden code", "security hardening", "improve security posture", "add security headers", "tighten security", "defensive coding suggestions", or "proactive security improvements". Also triggers when the user asks about CSP, CORS hardening, rate limiting, input validation improvements, security logging, or defense-in-depth measures.
OWASP Top 10, CSP, CORS, XSS/CSRF prevention, auth patterns, dependency scanning
Use this skill when running PixiJS v8 outside a standard browser: Web Workers, OffscreenCanvas, Node/SSR, or CSP-restricted contexts. Covers DOMAdapter.set, BrowserAdapter, WebWorkerAdapter, custom Adapter interface, pixi.js/unsafe-eval for strict CSP. Triggers on: DOMAdapter, BrowserAdapter, WebWorkerAdapter, Web Worker, OffscreenCanvas, Node, headless, SSR, CSP, unsafe-eval, Adapter.