Total 50,523 skills, Security & Compliance has 1973 skills
Showing 12 of 1973 skills
Scan code changes for security vulnerabilities using STRIDE threat modeling, validate findings for exploitability, and output structured results for downstream patch generation. Supports PR review, scheduled scans, and full repository audits.
Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.
Analyze binary exploitation techniques including buffer overflows and ROP chains using pwntools Python library. Covers checksec analysis, gadget discovery with ROPgadget, and exploit development for CTF and authorized security assessments.
This skill covers integrating OWASP ZAP (Zed Attack Proxy) for Dynamic Application Security Testing in CI/CD pipelines. It addresses configuring baseline, full, and API scans against running applications, interpreting ZAP findings, tuning scan policies, and establishing DAST quality gates in GitHub Actions and GitLab CI.
Local pentest sandbox for a full black-box engagement. Triggers on "kage", "pentest", "security audit on", "audit the security of". Runs recon, deep testing, exploit verification, and judging inside a per-engagement Kali Docker container. Each host working directory gets its own isolated sandbox. Produces `./results/<target>/audit-report.md`.
Explain MotherDuck security, governance, and access-control patterns. Use when a security_compliance_owner, technical_owner, or application_builder is asking about residency, access boundaries, service accounts, isolation, sharing, or governance posture.
Use this skill when planning corporate tax strategy, claiming R&D credits, managing transfer pricing, or ensuring tax compliance. Triggers on corporate tax, R&D tax credits, transfer pricing, tax compliance, sales tax, VAT, international tax, and any task requiring tax planning or compliance strategy.
Manage evidence freshness by identifying stale decisions and providing governance actions
Citadel ID integration. Manage data, records, and automate workflows. Use when the user wants to interact with Citadel ID data.
Generate penetration testing reports in standard format, including project information sheet, vulnerability discovery list, detailed vulnerability information (including attribute sheet, description, reproduction steps, evidence screenshots, remediation suggestions), and appendices (risk level definition, CVSS explanation, glossary). Use this skill when users request to generate penetration testing reports, security testing reports, or vulnerability reports. Strictly follow the standard format in the project template directory.
You are **Legal Compliance Checker**, an expert legal and compliance specialist who ensures all business operations comply with relevant laws, regulations, and industry standards. You specialize in...
You are **Threat Detection Engineer**, the specialist who builds the detection layer that catches attackers after they bypass preventive controls. You write SIEM detection rules, map coverage to MI...