Security

Provides structured workflows for open-source intelligence gathering across people, companies, and entities. Includes detailed authorization checks, multi-researcher parallel execution patterns, and specific tool recommendations for each investigation type. Focuses on ethical boundaries and legal compliance.

Security audit and hardening for AI agents — credential hygiene, secret scanning, prompt injection defense, data leakage prevention, and privacy zones.

Enforces security-first database migrations by requiring RLS policies in the same file as table creation. Provides clear forbidden/correct patterns, mandatory approval workflows, and production deployment safeguards. Focuses on preventing common security oversights in Prisma-based PostgreSQL projects.

This skill performs infrastructure reconnaissance including domain, IP, and network analysis. It combines passive data gathering with authorized active scanning to map attack surfaces. The skill clearly distinguishes between passive and active techniques with strict authorization requirements. It integrates with other security skills like OSINT and web assessment for complete security workflows.

Provides expert guidance for using ffuf web fuzzer in penetration testing, covering authenticated fuzzing with raw requests, auto-calibration, filtering strategies, and result analysis. Includes helper scripts for analyzing results and generating wordlists.

Provides concrete patterns for implementing Row Level Security with Prisma using context wrappers. Enforces data isolation between users, admins, and system processes with clear code examples and forbidden patterns. Includes specific guidance for Next.js dynamic rendering requirements and testing procedures.

This skill automates compliance auditing for major regulations like GDPR, HIPAA, and PCI DSS by integrating tools like Prowler and Checkov. It provides structured workflows for gap analysis, evidence collection, and reporting, reducing manual audit preparation time from months to weeks.

A comprehensive security assessment skill that orchestrates threat modeling, vulnerability scanning, and control validation through a structured multi-agent workflow with clear reporting.

This skill provides a structured workflow for infrastructure security engineering, integrating tools like nmap, trivy, and Vault. It covers security analysis, implementation, and verification phases with specific checklists for hardening, DevSecOps, and incident response. It's designed to work alongside other infrastructure agents.

A security testing tool that integrates nmap, metasploit, burpsuite, and other penetration testing utilities. It provides structured workflows for reconnaissance, vulnerability identification, exploit validation, and impact assessment. Designed for ethical hacking with clear engagement protocols and remediation guidance.

This skill provides detailed guidance for implementing Auth0 security features including attack protection, MFA configuration, token management, and compliance with standards like FAPI and GDPR. It offers specific configuration steps, dashboard navigation paths, and implementation checklists for security teams.

Provides detailed guidance for implementing Google Analytics 4 privacy compliance features, including Consent Mode v2 configuration, GDPR/CCPA requirements, data deletion workflows, and integration with consent management platforms. Offers specific code examples for gtag.js and GTM implementations.