Hunt for authorization bypass vulnerabilities including IDOR, privilege escalation, missing access controls, broken object-level authorization. Use when auditing authentication/authorization code or API endpoints.
Authentication security patterns and standards for NextAuth.js v5. Use when implementing or reviewing authentication code.
Guide for working with team-based permissions and authorization in the WODsmith codebase. Use when touching TEAM_PERMISSIONS constants, hasTeamPermission/requireTeamPermission functions, adding permission checks to actions or server functions, creating features requiring authorization, or ensuring client-server permission consistency.
セキュリティ観測。認可漏れ、インジェクション、機密漏えい、暗号誤用、依存脆弱性を検出。Use when: 認証/認可実装、外部入力処理、依存更新、コミット前チェック、セキュリティレビューして、脅威分析が必要な時。
CRITICAL security skill teaching proper credential and password handling. NEVER store passwords, use bcrypt/argon2, NEVER accept third-party credentials. Use when handling authentication, passwords, API keys, or any sensitive credentials.
Manages authentication flow for MutuaPIX (Laravel Sanctum + Next.js), handles mock mode security, and validates environment configurations
This skill should be used when implementing secure, reusable JWT verification dependency for FastAPI routes. It ensures strict user isolation and identity verification using Better Auth secrets.
Implement comprehensive input validation with server-side validation (security), client-side validation (UX), fail-early patterns (KISS), specific error messages, allowlists over blocklists, and reusable validators (DRY). Use this skill when validating user input in forms, API endpoints, or data processing functions. Use when implementing validation rules for data types, formats, ranges, required fields, or business rules (SRP). Use when creating validator functions, validation schemas (Zod, Joi, Yup), form validation logic, or input sanitization to prevent injection attacks (SQL, XSS). Use when working with backend validators, frontend form libraries (React Hook Form, Formik), or consistent validation across web forms, API endpoints, and background jobs. Apply validation at multiple layers for defense in depth.
Verifies that an authorized user has approved the fix plan before proceeding with implementation.
Configuration validation and testing utilities for OpenRouter API. Use when validating API keys, testing model availability, checking routing configuration, troubleshooting connection issues, analyzing usage costs, or when user mentions OpenRouter validation, config testing, API troubleshooting, model availability, or cost analysis.
Get a secret value. Requires authentication. Use for Agentuity cloud platform operations
Audit protected files, generate protection reports, and verify protection consistency. Use for protection system maintenance and compliance.
Comprehensive security audit with OWASP Top 10 analysis, compliance evaluation, and threat modeling using PAL MCP. Use for security reviews, vulnerability assessment, or compliance checks. Triggers on security audit requests, vulnerability scanning, or compliance reviews.
Verification mode that stops and analyzes on failures, workarounds, or resolution issues
Apply input validation best practices including server-side validation, early failure, specific error messages, and input sanitization. Use this skill when validating user input in n8n nodes, implementing parameter validation, checking data types and formats, sanitizing input to prevent injection attacks, or writing business rule validation. Apply when handling API endpoints, form inputs, or any data entry points in n8n node development.
Performs security audits checking for exposed secrets, weak authentication, SQL injection, XSS vulnerabilities, and validates security best practices
Agent OS skill: verificador-spec
Escalates a session issue to a human reviewer.
Implement user CRUD operations within an account with permission controls and feature flags. Use when building team member management, user administration, or account user settings in multi-tenant Rails applications.
OAuth flows for user-context operations. Web application patterns, device flow for CLI tools, and token refresh strategies for GitHub Apps.
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
