Total 50,368 skills, Security & Compliance has 1967 skills
Showing 12 of 1967 skills
Implement GDPR-compliant data handling with consent management, data subject rights, and privacy by design. Use when building systems that process EU personal data, implementing privacy controls, or conducting GDPR compliance reviews.
Implement secure coding practices following OWASP Top 10. Use when preventing security vulnerabilities, implementing authentication, securing APIs, or conducting security reviews. Triggers on OWASP, security, XSS, SQL injection, CSRF, authentication security, secure coding, vulnerability.
Enforce web security and avoid security vulnerabilities
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
Review AI API key leakage patterns and redaction strategies. Use for identifying exposed keys for OpenAI, Anthropic, Gemini, and 10+ other providers. Use proactively when code integrates AI providers or when environment variables/keys are present. Examples: - user: "Check for leaked OpenAI keys" → scan for `sk-` patterns and client-side exposure - user: "Is my Gemini integration secure?" → audit vertex AI config and key redaction - user: "Review AI provider logging" → ensure secrets are redacted from logs - user: "Scan for Anthropic secrets" → check for `ant-` keys in code and configs - user: "Audit Vertex AI integration" → verify proper IAM roles and service account usage
Hunt for exploitable, bounty-worthy security issues in repositories. Focuses on remotely reachable vulnerabilities that qualify for real reports instead of noisy local-only findings.
Authentication bypass testing playbook. Use when assessing login flows, password reset logic, account recovery, MFA bypass, token predictability, brute-force resistance, and session boundary flaws.
AI-powered codebase security scanner that reasons about code like a security researcher — tracing data flows, understanding component interactions, and catching vulnerabilities that pattern-matching tools miss. Use this skill when asked to scan code for security vulnerabilities, find bugs, check for SQL injection, XSS, command injection, exposed API keys, hardcoded secrets, insecure dependencies, access control issues, or any request like "is my code secure?", "review for security issues", "audit this codebase", or "check for vulnerabilities". Covers injection flaws, authentication and access control bugs, secrets exposure, weak cryptography, insecure dependencies, and business logic issues across JavaScript, TypeScript, Python, Java, PHP, Go, Ruby, and Rust.
CSRF testing playbook. Use when reviewing state-changing web flows, anti-CSRF defenses, SameSite behavior, JSON CSRF, login CSRF, and OAuth state handling.
Linux kernel exploitation playbook. Use when exploiting kernel vulnerabilities (UAF, OOB, race condition, type confusion) for privilege escalation via commit_creds, modprobe_path overwrite, or kernel ROP chains in CTF and real-world scenarios.
Library of battle-tested security prompt templates for secure feature implementation. Use when implementing forms, endpoints, authentication, authorization, file uploads, or conducting security reviews. Triggers include "security prompt", "secure form", "RBAC", "threat model", "STRIDE", "admin endpoint", "file upload", "security testing", "code review", "OWASP".
Verify, download, and inspect build provenance attestations using the orbit CLI. Use this skill whenever the user asks about verifying attestations, checking provenance, inspecting Sigstore bundles, SLSA provenance, build provenance, verifying binaries, downloading attestation bundles, signer identity, in-toto attestations, or supply chain security. Trigger on phrases like 'verify attestation', 'check provenance', 'inspect bundle', 'build provenance', 'sigstore', 'SLSA', 'verify binary', 'attestation download', 'download bundle', 'check signer', 'inspect attestation', 'provenance verification', 'verify artifact', 'supply chain verification', 'check build origin', or any attestation-related task — even casual references like 'is this binary legit', 'who built this', 'where did this artifact come from', 'check the bundle', or 'show provenance'. The orbit CLI alias for attestation is `attest`.