Security
2492 skills in Testing & Security > Security
secrets-management
Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
composable-rust-web
Expert knowledge for building web APIs and real-time applications with Composable Rust. Use when building HTTP REST APIs with Axum, implementing WebSocket for real-time updates, working with authentication (magic link, OAuth, passkeys), setting up email providers (SMTP, Console), designing API routes or request handlers, or questions about web integration and real-time communication.
deploying-public-apps
Deploys public-facing apps that handle their own authentication (like Jellyfin, game servers) without Authelia forward auth
veloxts
VeloxTS framework assistant for building full-stack TypeScript APIs. Helps with procedures, generators (velox make), REST routes, authentication, validation, and common errors. Use when creating endpoints, adding features, debugging issues, or learning VeloxTS patterns.
mcp-security
Multi-agent and MCP pipeline security with 5-layer defense architecture. Use when building MCP servers, multi-agent systems, or any pipeline that handles user input to prevent prompt injection and ensure proper authorization.
action-pinning-overview
Why pinning GitHub Actions to SHA-256 commits matters for supply chain security. Attack vectors from unpinned actions and comparison of tag vs SHA pinning.
cve-search
Searches the NIST NVD database for CVE vulnerabilities using API 2.0. Returns CVE details, CVSS scores, affected software, and references. Use when user asks about "CVE", "vulnerability database", "NIST", "NVD", "security advisory", "CVE-2024", "CVE-2023", "脆弱性", "セキュリティアドバイザリ", or wants to find known vulnerabilities for specific software.
oscal-ssp-validator
Validates OSCAL System Security Plan documents against NIST 800-18 Rev 1 requirements and FedRAMP baselines. Identifies missing elements, quality issues, and provides remediation guidance for achieving ATO compliance.
spider
Web crawling and scraping with analysis. Use for crawling websites, security scanning, and extracting information from web pages.
secure-development
Security best practices for production applications including PII protection, input validation, SQL injection prevention, XSS mitigation, and secure logging. Apply when handling user data, authentication, or external inputs.
network-security
Secure GKE networking with VPC-native IP allocation, zero-trust network policies, Private Service Connect endpoints, and Cloud Armor DDoS protection layers.
code-review
Perform thorough code review with security and quality checks. Use before commits or when reviewing PRs.
role-based-access
Implement role-based access control (RBAC) with user roles (admin, lead, member) and permission middleware. Use when adding authorization or restricting endpoints by role.
planning
Use when you need to plan technical solutions that are scalable, secure, and maintainable.
code-review-checklist
Review code changes for correctness, security, performance, and maintainability. Use for PR reviews, code audits, pre-merge checks, or quality validation of Laravel + React code. EXCLUSIVE to reviewer agent.
senior-secops
Comprehensive SecOps skill for application security, vulnerability management, compliance, and secure development practices. Includes security scanning, vulnerability assessment, compliance checking, and security automation. Use when implementing security controls, conducting security audits, responding to vulnerabilities, or ensuring compliance requirements.
moai-domain-cloud
Enterprise-grade cloud architecture expertise with production-ready patterns for AWS (Lambda 3.13, ECS/Fargate 1.4.0, RDS, CDK 2.223.0), GCP (Cloud Run Gen2, Cloud Functions 2nd gen, Cloud SQL), Azure (Functions v4, Container Apps, AKS), and multi-cloud orchestration (Terraform 1.9.8, Pulumi 3.x, Kubernetes 1.34). Covers serverless architectures, container orchestration, multi-cloud deployments, cloud-native databases, infrastructure automation, cost optimization, security patterns, and disaster recovery for 2025 stable versions.
oauth
OAuth 2.0 and OpenID Connect implementation patterns. Use when implementing authentication, authorization flows, or integrating with OAuth providers like Google, GitHub, or custom identity providers.
iso-expert
ISO 27001 ISMS expert. Provides guidance on management system requirements, Annex A controls, certification process, and continuous improvement for information security.
security-review
Security review - Reviews code from the perspectives of the OWASP Top 10, injection countermeasures, authentication and session management, and security headers.