Security & Testing Agent Skills

Security Scanning Workflows

Automates comprehensive security scanning by integrating SAST, dependency checks, and container vulnerability detection into CI/CD pipelines.

OPA Kubernetes Pod Security Templates

Enforces Kubernetes security policies using OPA to prevent privileged container execution and restrict dangerous Linux capabilities.

GitHub Secret Scanning Integration

Automates the configuration of GitHub secret scanning and push protection to prevent sensitive credential leaks in development workflows.

GKE Security Hardening Guide

Implements production-grade security controls for Google Kubernetes Engine using Pulumi and defense-in-depth patterns.

Kyverno Pod Security Templates

Enforces Kubernetes Pod Security Standards and privilege restrictions using Kyverno policies to secure containerized workloads.

Kubernetes Chaos Engineering

Automates resilience testing and fault injection for Kubernetes clusters using Chaos Mesh and LitmusChaos patterns.

Kubernetes Secure-by-Design Patterns

Implements secure-by-design architecture patterns for Kubernetes environments using zero-trust and defense-in-depth principles.

Multi-Source Policy Aggregator

Aggregates distributed Kyverno policies into a unified enforcement layer using multi-stage OCI container builds.

Kyverno Image Security & Validation

Secures Kubernetes clusters by enforcing container image validation policies including registry allowlists, signatures, and vulnerability gates.

GitHub Token Permissions Security

Implements least-privilege security for GitHub Actions by configuring explicit GITHUB_TOKEN permissions and reducing attack surfaces.

OpenSSF Scorecard Achievement Guide

Optimizes software security postures by providing comprehensive guidance on passing all 18 OpenSSF Scorecard checks and implementing secure engineering practices.

GitHub Actions Security Cheat Sheet

Secures CI/CD pipelines with copy-pasteable patterns for SHA pinning, token permissions, and workflow hardening.

Risk Prioritization Framework

Streamlines security triage using objective metrics, CVSS interpretation, and decision trees to prioritize vulnerability remediation.

Policy-as-Code End-to-End Enforcement

Eliminates security gaps by enforcing standardized Kyverno policies across local development, CI/CD pipelines, and Kubernetes runtime environments.

Branch Protection Enforcement

Implements automated GitHub branch protection patterns and drift detection to ensure robust organizational security compliance.

Kubernetes Incident Response Playbooks

Provides standardized templates for detecting, containing, and remediating Kubernetes security incidents with guided decision trees.

SLSA Toolchain Integration

Integrates SLSA provenance generation and dependency verification across Go, Node.js, and Python toolchains.

Kyverno Network Security Templates

Enforces robust Kubernetes network security policies including namespace isolation, Ingress TLS requirements, and service exposure restrictions.

GitHub Actions Security Hub

Implements hardened security patterns for GitHub Actions workflows, including SHA pinning, least-privilege permissions, and OIDC federation.

Secure SDLC Hardening Roadmap

Implements a four-phase defense-in-depth strategy to secure the Software Development Lifecycle through automated gates, branch protection, and runtime enforcement.

Intent-Based Spec Tests

Implements natural language specification testing using Claude as a judge to ensure code aligns with business intent and user requirements.

Systematic Debugging Workflow

Enforces a disciplined, four-phase methodology to identify root causes and resolve software defects without guesswork.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all implementation work is verified by failing tests before production code is written.

Verification Before Completion

Enforces a rigorous verification-first workflow that requires fresh command output before claiming any task is complete or successful.

Web3 Smart Contract Testing

Validates and secures smart contracts using comprehensive Hardhat and Foundry testing frameworks.

Solidity Smart Contract Security

Secures Ethereum smart contracts by identifying vulnerabilities and implementing industry-standard protection patterns.

SAST Configuration & Security Scanning

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection across multiple programming languages.

GDPR Data Handling & Compliance

Implements GDPR-compliant data processing workflows including consent management, data subject rights, and automated retention policies.

Bats Shell Testing Patterns

Implements robust automated testing for shell scripts using the Bash Automated Testing System (Bats) to ensure script reliability and maintainability.

Attack Tree Construction

Generates systematic attack path visualizations to identify security vulnerabilities and defensive priorities.