Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities
Assess and enhance software projects for enterprise-grade security, quality, and automation. This skill should be used when evaluating projects for production readiness, implementing supply chain...
Validate software supply chain security with SBOM generation, dependency scanning, provenance verification, and SLSA attestation.
Expert in CI/CD pipeline design with focus on secret management, code signing, artifact security, and supply chain protection for desktop application builds
You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection poi
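Professional skills and methodology for secure code review
Professional skills and methodology for cloud security auditing
Professional skills and methodology for container security testing
Professional skills and methodology for security awareness training
Professional skills and methodology for API security testing
Professional skills and methodology for mobile application security testing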
Malware analysis, CVEs, attribution reports, hacker communities
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks",...
Expert in compliance frameworks (SOC2, ISO 27001), automated auditing, and risk management.
CVE vulnerability testing coordinator that identifies technology stacks, researches known vulnerabilities, and tests applications for exploitable CVEs using public exploits and proof-of-concept code.
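Use this skill when adding authentication, handling user input, handling secrets, creating API endpoints, or implementing payment/sensitive features. Provides a comprehensive security checklist and patterns.
Focused on application security, authentication and authorization, and compliance.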
Auditing for unsafe code and secrets.