Explore skills

Expert security auditor specializing in DevSecOps, comprehensive

Detect common security vulnerabilities in code. Covers OWASP patterns, SQL injection, bare excepts, shell injection. Framework-agnostic.

Security review or audit of code, architecture, or infrastructure - Threat modeling sessions - Reviewing PRs for security implications

Review security of command execution, tool permissions, and API key handling. Use when user mentions "security review", "audit", "check security", "vulnerabilities", or before deploying to production.

The feature or area to audit (optional)

Verify security considerations were addressed before shipping. Issues result in WARNINGS that strongly recommend fixing.

Use this skill when implementing security measures or conducting security audits. Provides OWASP Top 10 mitigations, authentication patterns, input validation strategies, and compliance guidelines. Ensures applications are secure against common vulnerabilities.

Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.

Security auditing and vulnerability assessment specialist. Use when conducting

Deep code sweep — dispatches 3 parallel focused auditors for security, stubs, and code quality. Works standalone or offered after gigo:execute completes. Use gigo:sweep.

Static application security testing (SAST) using Semgrep for vulnerability detection, security code review, and secure coding guidance with OWASP and CWE framework mapping. Use when: (1) Scanning code for security vulnerabilities across multiple languages, (2) Performing security code reviews with pattern-based detection, (3) Integrating SAST checks into CI/CD pipelines, (4) Providing remediation

Software Composition Analysis (SCA) using Synopsys Black Duck for identifying open source vulnerabilities, license compliance risks, and supply chain security threats with CVE, CWE, and OWASP framework mapping. Use when: (1) Scanning dependencies for known vulnerabilities and security risks, (2) Analyzing open source license compliance and legal risks, (3) Identifying outdated or unmaintained depe