a5c-ai

Automated vendor security assessment through questionnaire generation, response parsing, and risk scoring.

LLM-powered semantic analysis of code diffs to detect business-logic trojans.

Continuous vendor security monitoring for security ratings, breach notifications, and risk change detection.

AI/ML model security testing and adversarial research capabilities, including generating adversarial examples, testing model robustness, performing extraction attacks, testing for data poisoning, analyzing model fairness, and supporting ART framework integration.

Documentation generation for C, C++, and Java codebases using Doxygen and Javadoc. Extracts API documentation from source code, generates cross-references, call graphs, and comprehensive technical documentation.

Expert skill for OpenAPI/Swagger specification analysis, validation, and documentation generation. Parse and validate specs, detect breaking changes, generate code samples, and lint for best practices.

Expertise in the Sphinx documentation system for technical and API documentation. Configures projects, autodoc for Python APIs, intersphinx for cross-project linking, extensions, and multiple output formats.

SOC 2 Trust Services Criteria compliance automation for evidence collection, control mapping, and audit preparation

Deep integration with Ghidra and IDA Pro for binary analysis and reverse engineering

Advanced binary exploitation and mitigation bypass

Multi-cloud security assessment and penetration testing capabilities. Execute Prowler/ScoutSuite assessments, analyze IAM policies, identify cloud misconfigurations, test permissions, and enumerate cloud resources across AWS/GCP/Azure.

Advanced debugging integration for vulnerability research

Web application security testing with Burp Suite integration

Comprehensive fuzzing operations with AFL++, libFuzzer, and OSS-Fuzz integration

Isolated analysis environment management for malware and exploit testing. Create and manage isolated VMs, configure Cuckoo Sandbox, set up REMnux/FlareVM environments, manage Docker-based analysis containers, and capture filesystem and process changes.

Ethereum and blockchain smart contract security analysis

STIX/TAXII threat intelligence format and sharing

Markdown documentation, MDX, and content formatting.

CVE and CWE database querying and management

Digital forensics and incident response capabilities. Analyze memory dumps with Volatility, parse filesystem artifacts, extract browser forensics, analyze Windows event logs, create forensic timelines, recover deleted files, and generate forensic reports.

Android and iOS application security testing

Network protocol capture, analysis, and fuzzing capabilities

Specialized skill for generating and managing Architecture Decision Records (ADRs). Supports Nygard, MADR, and custom templates with auto-numbering, linking, and status management.

Specialized skill for generating C4 model architecture diagrams. Supports Structurizr DSL, PlantUML, and Mermaid formats with multi-level abstraction (Context, Container, Component, Code).

Validate and analyze AWS CloudFormation templates for security and best practices

MITRE ATT&CK framework mapping and analysis

Offensive security tools and techniques integration

Run chaos engineering experiments using Chaos Monkey, Litmus, or Gremlin

Estimate cloud costs across AWS, Azure, and GCP with pricing comparison

Analyze database query performance with execution plans and index recommendations

Exploit development automation using pwntools framework

Integration with security-focused static analysis tools

Generate and run mock API servers from OpenAPI specifications

Analyze code complexity metrics including cyclomatic complexity, code smells, and technical debt

Generate documentation sites using Docusaurus, MkDocs, or VuePress

YARA rule creation, testing, and deployment

Generate monitoring dashboards for Grafana and DataDog with alert integration

Render Graphviz DOT graphs to images with multiple layout algorithms

Specialized skill for processing Markdown and MDX documentation. Supports parsing, rendering, TOC generation, link validation, frontmatter processing, and diagram embedding.

Validate OpenAPI specifications for correctness, security, and best practices

Google Analytics 4, tag management, and event tracking.

Check compliance with SOC 2, GDPR, HIPAA, and PCI-DSS standards

Generate GraphQL schemas from data models with resolver stubs and federation support

Generate structured logging schemas with correlation ID patterns and ELK/Splunk integration

Render Mermaid diagrams to images with theme customization and Markdown integration

Render PlantUML diagrams to various image formats with theme and styling support

Generate module dependency graphs with circular dependency detection and coupling metrics

Generate load test scripts for k6, Locust, and Gatling from OpenAPI specs