Discover Agent Skills for security & testing. Browse 105 skills for Claude, ChatGPT & Codex.
Provides comprehensive methodologies for detecting, exploiting, and remediating Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
Simulates adversary behaviors and security assessments based on the industry-standard MITRE ATT&CK framework.
Guides the development of NestJS backends using a strict, iterative Test-Driven Development (TDD) methodology.
Facilitates end-to-end testing and interaction with local web applications using Playwright scripts and automated server management.
Audits IAM policies, ACLs, and permission configurations to identify security vulnerabilities and privilege escalation paths.
Audits system access controls and IAM policies to identify security vulnerabilities, misconfigurations, and privilege escalation risks.
Audits and identifies vulnerabilities in IAM policies, network ACLs, and application-level access controls to ensure security compliance.
Performs automated accessibility audits to ensure web applications meet WCAG standards and ARIA best practices.
Conducts automated accessibility audits to ensure web applications comply with WCAG standards and ARIA best practices.
Automates the analysis and management of snapshot test failures across major JavaScript testing frameworks.
Performs automated fuzz testing on REST APIs to discover vulnerabilities, input validation flaws, and potential security breaches.
Automates the generation and execution of comprehensive API tests for REST and GraphQL endpoints to ensure contract compliance and security.
Automates the generation and execution of comprehensive test suites for REST and GraphQL APIs to ensure contract compliance and security.
Validates application authentication mechanisms against security best practices and industry standards to identify vulnerabilities.
Validates authentication implementations against security best practices to identify vulnerabilities in JWT, OAuth, and session management.
Automates cross-browser testing across multiple devices and browsers to ensure consistent web application performance and visual fidelity.
Automates multi-browser and cross-device testing to ensure consistent web application performance across Chrome, Firefox, Safari, and Edge.
Designs and executes controlled chaos engineering experiments to identify system vulnerabilities and improve overall service resilience.
Designs and executes controlled failure injection experiments to validate system resilience and recovery mechanisms.
Analyzes infrastructure configurations against SOC2, HIPAA, and PCI-DSS standards to identify security risks and compliance gaps.
Automates the creation of professional compliance reports and security audits for standards like HIPAA, SOC 2, and PCI DSS.
Automates the creation of professional compliance and security audit reports for major regulatory standards like HIPAA, PCI DSS, and SOC 2.
Scans container images and running containers for vulnerabilities using industry-standard tools like Trivy and Snyk.
Validates API contracts using consumer-driven testing and OpenAPI specifications to ensure seamless compatibility between providers and consumers.
Validates API contracts and ensures backward compatibility using Pact and OpenAPI specifications.
Validates and audits Cross-Origin Resource Sharing (CORS) configurations to identify security vulnerabilities and ensure compliant web access policies.
Analyzes and validates Cross-Origin Resource Sharing (CORS) configurations to identify security vulnerabilities and ensure policy compliance.
Identifies and validates Cross-Site Request Forgery (CSRF) protection mechanisms in web applications to prevent unauthorized state-changing attacks.
Validates web application endpoints and security configurations to identify and remediate Cross-Site Request Forgery (CSRF) vulnerabilities.
Audits web applications for Cross-Site Request Forgery vulnerabilities by validating security tokens, cookie attributes, and endpoint protections.