Does this skill generate formal security reports?

Yes, it generates detailed markdown reports including executive summaries, CVSS scores, risk levels, and prioritized remediation roadmaps stored in your project's .aiwg/security/ directory.

How does the skill handle data privacy concerns?

If PII (Personally Identifiable Information) is detected, the skill dispatches a specialized Privacy Officer agent to check data handling, consent mechanisms, and cross-border transfer compliance.

What methodologies does the Security Assessment skill use?

The skill primarily utilizes the STRIDE methodology for threat modeling (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) and scans codebases against the OWASP Top 10 vulnerability list.

Can I run an assessment on a single component?

Absolutely. You can trigger targeted assessments for specific services, components, or trust boundaries to focus the AI's analysis on a specific area of concern.

Security Assessment

Name: Security Assessment
Author: jmagly

byjmagly

•

Security & Testing

Conducts automated threat modeling, vulnerability scanning, and security control validation to protect software assets.

About

The Security Assessment skill provides an automated framework for evaluating software security through comprehensive STRIDE threat modeling and OWASP Top 10 vulnerability scanning. It orchestrates specialized agents—including a Security Architect and Auditor—to identify attack vectors, validate existing controls, and generate risk-ranked reports with CVSS scoring. This skill is essential for developers looking to integrate security-by-design principles into their autonomous coding workflows, ensuring that vulnerabilities are identified and remediated before production deployment.

Key Features

Comprehensive security control validation and gap analysis
Detailed reporting with CVSS risk scoring and remediation roadmaps
Deep scanning for OWASP Top 10 vulnerabilities and secrets exposure
Privacy impact assessments for PII data handling
67 GitHub stars
Automated STRIDE threat modeling and data flow analysis

Use Cases

Threat modeling specific microservices or authentication flows during development
Performing a full system security audit before a major production release
Validating compliance with security frameworks like SOC 2 or GDPR

About

Key Features

Comprehensive security control validation and gap analysis
Detailed reporting with CVSS risk scoring and remediation roadmaps
Deep scanning for OWASP Top 10 vulnerabilities and secrets exposure
Privacy impact assessments for PII data handling
67 GitHub stars
Automated STRIDE threat modeling and data flow analysis

Use Cases

Threat modeling specific microservices or authentication flows during development
Performing a full system security audit before a major production release
Validating compliance with security frameworks like SOC 2 or GDPR