보안, 보안 리뷰, 보안 검토, 취약점, 보안 분석 - Use when reviewing code for security vulnerabilities, designing authentication/authorization, or ensuring secure architecture. Provides systematic security analysis based on OWASP guidelines.
Connectivity phase for /verify command - validates cross-references
Security and environment configuration standards for web applications, including environment variable management, secure coding practices, and production deployment security. Use when setting up environments, configuring security, or deploying applications.
Creates TanStack Query hooks for API features with authentication. Use when connecting frontend to backend endpoints, creating data fetching hooks.
Use the 1Password CLI (`op`) to securely retrieve secrets. Load this skill when users ask to 'get a password from 1Password', 'retrieve a secret', 'fetch credentials from the vault', 'use op to read', or need to pass secrets to commands, environment variables, or files. CRITICAL: Never display secret values in conversation - always consume them inline with redirection or command substitution.
Clarify requirements before implementing. Do not use automatically, only when invoked explicitly.
Audits Python libraries for security vulnerabilities using Bandit, pip-audit, Semgrep, and detect-secrets. Identifies SQL injection, command injection, hardcoded credentials, weak cryptography, and insecure deserialization. Use when reviewing library security, setting up security scanning in CI, or implementing secure coding patterns.
RLS policy testing patterns for Supabase - automated test cases for Row Level Security enforcement, user isolation verification, multi-tenant security, and comprehensive security audit scripts. Use when testing RLS policies, validating user isolation, auditing Supabase security, verifying tenant isolation, testing row level security, running security tests, or when user mentions RLS testing, security validation, policy testing, or data leak prevention.
Configure YARP reverse proxy for affolterNET.Web.Bff. Use when setting up API proxying, route configuration, or backend service integration.
Audits created issue drafts for quality, clarity, and template compliance. Ensures alignment with SSOT via active-reconnaissance and ssot-verification, while enforcing core agent values.
List all secrets. Requires authentication. Use for Agentuity cloud platform operations
Active Directory 攻撃・検知に関する包括的な知識スキル。Kerberos 認証プロトコル、権限昇格、ドメイン間信頼悪用、LDAP 攻撃、Windows ログ分析による脅威検知など、AD セキュリティの多岐にわたるトピックをカバーしています。ELKと統合し、IT セキュリティの基盤を提供。認証フロー、権限昇格経路、永続化技術、ドメイン間信頼悪用、ログ分析検知、LDAP 操作、防御戦略の 8 つの主要機能をサポートします。
Handle team confirmation with automatic bypass mode detection for /orca
Validates PIX key requirements for MutuaPIX platform, ensuring email used for login matches PIX key email for payment processing
Audit code for security vulnerabilities using OWASP Top 10 guidelines. Use for security audits, pre-deployment checks, authentication reviews, or when checking for XSS, SQL injection, CSRF, or authorization issues. EXCLUSIVE to security-expert agent.
Test FastAPI endpoints with Clerk JWT authentication while avoiding common environment, token expiry, and claim validation pitfalls. Use when tester-agent needs to validate API authentication, run end-to-end tests with real tokens, or troubleshoot JWT verification issues.
Advanced Security, IAM, OAuth2, and OWASP Standards
Troubleshoot Datadog API authentication issues (401/403 errors), understand API keys vs app keys, and configure correct regions. Use when hitting auth errors or setting up Datadog API access.
Audit tRPC procedures for security, validation, and architectural consistency. Ensures procedures follow the service-layer pattern and have proper Zod input validation. Use when reviewing server-side routers and procedures.
