Security Skills
Discover the best AI skills in the Security category.
80 skills
Security Audit Scanner
Security
Analyzes code to detect OWASP Top 10 vulnerabilities.
OWASP Security Checklist
Security
Generates application security checklists based on the OWASP Top 10.
Threat Model Generator
Security
Generates threat model documents with STRIDE analysis.
Security Audit Phase 1
Security
First phase of the security audit pipeline that scans the codebase (src/app) for vulnerabilities like unprotected endpoints, missing input validation, authorization gaps, and exposed secrets. Outputs a prioritized findings list in SECURITY_PLAN.md. Use after /full-security-audit or invoke directly with '/1-security-audit'.
Backend Application Security
Security
Secures backend applications by addressing OWASP Top 10 vulnerabilities, implementing authentication (JWT, OAuth2) and encryption (bcrypt, TLS), and configuring vulnerability scanning tools (SAST, DAST, SCA). Helps achieve compliance with frameworks like GDPR, HIPAA, PCI-DSS, and SOC2, and includes incident response procedures.
Vulnerability Scanning with Tekton and Trivy
Security
Generate a Tekton Task that uses Trivy to scan a container image for critical and high vulnerabilities, failing the pipeline if any are found. The task takes the image name as a parameter and runs trivy with a non-zero exit code (exit code 1) on findings, so the Task step fails and the pipeline stops. Useful for integrating vulnerability scanning into CI/CD pipelines built with Tekton.
OTTO - LGPD Privacy Guardian
Security
Scans code for LGPD (Brazilian Data Protection Law 13.709/18) violations: exposed personal data (CPF, RG, email, phone), logs containing PII, and tracking without consent. Use when code accesses personal data, implements analytics/tracking, or before commits that alter data collection.
Authentication & Authorization Review
Security
Reviews authentication and authorization designs—including JWT, OAuth, RBAC/ABAC—by tracing login flows, token management, route protection, and privilege escalation risks. Helps security engineers audit auth modules for misconfigurations and hardcoded vulnerabilities.
Lokalise Data Handling
Security
Implement Lokalise translation data handling with PII detection, privacy management, and GDPR/CCPA compliance patterns using automated scanning and safe logging.
Attack Tree Construction
Security
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Database Audit Logging Implementation
Security
Implements database audit logging using triggers, application-level logging, change data capture (CDC), or native logs to track data modifications for compliance and security. Automatically captures detailed audit trails (user, timestamp, old/new values) for regulated environments like GDPR, HIPAA, SOX, and PCI-DSS. Helps ensure accountability and simplifies compliance reporting without requiring application code changes.
Full Threat Modeling Workflow
Security
Orchestrates the complete threat modeling workflow from initialization through reporting, including asset discovery, threat analysis, control verification, compliance mapping, and documentation generation. Use when performing a full security assessment or generating comprehensive threat documentation.