Security & Testing Agent Skills

Security Misconfiguration Auditor

Audits application and infrastructure configurations to identify and remediate security vulnerabilities based on OWASP standards.

Crypto Security Auditor

Audits source code for cryptographic vulnerabilities, weak encryption algorithms, and insecure secret management based on OWASP standards.

AppSec Information Disclosure Auditor

Analyzes source code to identify and mitigate sensitive data leakage, verbose error messages, and unauthorized information disclosure risks.

OWASP Security Auditor

Performs comprehensive security audits based on the OWASP Top 10 vulnerabilities using parallel subagent analysis.

PASTA Business Objectives Analysis

Defines business objectives and critical assets to anchor threat modeling in organizational impact.

AppSec Full Audit

Conducts exhaustive, multi-framework security audits and generates comprehensive, compliance-ready reports.

GraphQL Security Auditor

Analyzes GraphQL endpoints and schemas for critical security vulnerabilities like introspection leaks, depth abuse, and missing authorization.

Ark Dashboard & UI Testing

Automates Ark Dashboard UI testing and screenshot generation for pull requests using Playwright and Kubernetes.

AppSec Security Fix Generator

Generates and applies production-ready code fixes for security vulnerabilities and findings identified within your codebase.

PASTA Threat Modeling

Conducts sequential, risk-centric threat modeling using the 7-stage PASTA framework to align security findings with business objectives.

Repudiation & Audit Analysis

Analyzes source code for repudiation threats by identifying missing audit logs, insufficient event tracking, and log tampering vulnerabilities.

Threat Modeling & Security Architecture

Automates architecture-level threat modeling and STRIDE analysis to identify security gaps and visualize data flows.

Attack Surface Mapping

Maps and inventories every application entry point to identify potential security exposure and undocumented interfaces.

AppSec Fix Verification

Validates security remediations by re-running scanners and performing deep AI code analysis to confirm vulnerabilities are fully resolved.

Security Report Generator

Generates comprehensive security reports from vulnerability findings, scanner results, and analysis data.

SANS/CWE Top 25 Security Analyzer

Analyzes codebases for the SANS/CWE Top 25 most dangerous software weaknesses to identify and fix critical security vulnerabilities.

File Upload Security Auditor

Secures applications by identifying file upload vulnerabilities like path traversal, zip slip, and missing server-side validation.

AppSec Logging Auditor

Analyzes source code to identify security logging failures, sensitive data exposure in logs, and improper monitoring configurations.

Security Explainer

Explains complex security frameworks, vulnerability categories, and specific findings using real-world examples from your own codebase.

AppSec Learn

Teaches application security through interactive, guided walkthroughs using your own codebase as the primary teaching material.

Ark Security Issue Resolver

Identifies and remediates common security vulnerabilities and penetration testing findings within the Ark framework.

Fuzz Test Generation

Generates intelligent, context-aware fuzz test inputs and security test cases by analyzing application input parsers and data handlers.

SSRF Security Audit

Analyzes source code to identify and mitigate Server-Side Request Forgery (SSRF) vulnerabilities and unauthorized internal network access.

Ark Chainsaw Testing

Executes and authors end-to-end tests for Ark agentic resources using the Chainsaw testing framework.

API Security Audit

Analyzes REST and RPC APIs for security vulnerabilities aligned with the OWASP API Security Top 10.

Ark Vulnerability Fixer

Streamlines CVE research and automates security patch workflows for the Ark agentic resource platform.

MITRE ATT&CK Security Mapper

Enriches security findings by mapping vulnerabilities to the MITRE ATT&CK framework to visualize threat patterns and attack chains.

AppSec Project Assessment

Analyzes codebase architecture, tech stacks, and data sensitivity to recommend a prioritized security testing strategy.

Data Integrity & Tampering Analysis

Identifies security vulnerabilities related to unauthorized data modification and injection attacks using the STRIDE threat model.

Access Control Security Auditor

Analyzes source code to identify and remediate broken access control vulnerabilities including IDOR, CORS leaks, and privilege escalation.