Penetration Testing
296 skills in Testing & Security > Penetration Testing
architecture-patterns
MVVM, Repository pattern, Dependency injection, SOLID principles. Use when designing app structure.
programmatic-seo-build
Build programmatic SEO pages with server-side meta tags and structured data. Use this skill to implement database schemas, dynamic routes, SEO injection, sitemaps, and JSON-LD structured data.
subagent-rules
Proper delegation patterns for Task() invocations with governance context injection
security-audit
Audit code for security vulnerabilities using OWASP Top 10, STRIDE threat modeling, and secure coding practices. Identifies SQL injection, XSS, CSRF, auth issues, and secrets exposure. Returns prioritized findings with remediation.
gray-swan-ipi-wave-2-executor
Execute Indirect Prompt Injection attacks for Gray Swan AI Arena Wave 2 with pre-built payloads, model profiling, and evidence collection automation
ai-ctf-generic
Execute AI security CTF challenges across any competition platform with adaptable workflows for indirect prompt injection, jailbreaks, agent exploitation, and evidence collection with research-grounded techniques
go-maintainable-code
Write clean, maintainable Go code following Clean Architecture, dependency injection, and ChecklistApplication patterns. Use when writing new Go code, refactoring, or implementing features.
api-security
API security best practices and common vulnerability prevention. Enforces security checks for authentication, input validation, SQL injection, XSS, and OWASP Top 10 vulnerabilities. Use when building or modifying APIs.
flutter-architecture
Feature-first architecture patterns for scalable Flutter apps. Covers project structure, dependency injection with Riverpod, repository pattern, and clean architecture layers. Use when setting up new projects, creating features, or making structural decisions.
security-checklist
Security best practices, OWASP guidelines, and vulnerability prevention checklist. (project)
cve-checker
CVE vulnerability checker for software dependencies and components. Includes KEV (Known Exploited Vulnerabilities) analysis, exploit verification, and white hat security assessment. Use when checking for known vulnerabilities, scanning dependencies, analyzing SBOM for CVEs, verifying security of packages/libraries, identifying actively exploited vulnerabilities, or performing KEV-based security assessments. Triggers on: CVE check, vulnerability scan, dependency security, SBOM analysis, security audit, package vulnerability, KEV check, exploited vulnerability, ransomware CVE, CISA KEV, exploit verification, white hat, attack vector analysis.
frontend-security
Audit frontend codebases for security vulnerabilities and bad practices. Use when performing security reviews, auditing code for XSS/CSRF/DOM vulnerabilities, checking Content Security Policy configurations, validating input handling, reviewing file upload security, or examining Node.js/NPM dependencies. Target frameworks include web platform (vanilla HTML/CSS/JS), React, Astro, Twig templates, Node.js, and Bun. Based on OWASP security guidelines.
fastapi
FastAPI development including async endpoints, Pydantic models, dependency injection, and OpenAPI documentation. Activate for FastAPI apps, async Python APIs, and modern Python web services.
sql-injection-prevention
Expert in SQL injection protection. Use for parameterized queries, input validation, and database security.
pal-secaudit
Comprehensive security audit with OWASP Top 10 analysis, compliance evaluation, and threat modeling using PAL MCP. Use for security reviews, vulnerability assessment, or compliance checks. Triggers on security audit requests, vulnerability scanning, or compliance reviews.
dependency-injection
Dependency injection patterns using Microsoft.Extensions.DependencyInjection and GenericHost
fastapi
FastAPI framework best practices including Pydantic schemas, dependency injection, and async patterns.
security-scanning-patterns
Security vulnerability scanning, secret detection, dependency auditing, and OWASP best practices. Use when performing security audits, scanning for vulnerabilities, detecting exposed secrets, checking dependencies, validating security headers, implementing OWASP patterns, or when user mentions security, vulnerabilities, secrets, CVE, OWASP, npm audit, security headers, or penetration testing.
clojure-donut-system
Reference for donut.party/system - component lifecycle and dependency injection library for Clojure. Use when working with component definitions, system management, refs between components, or lifecycle signals (start/stop/suspend/resume). Triggers on donut.system imports, ::ds/start, ::ds/stop, ::ds/config, ds/ref, or component-based architecture. Prefer using donut.system over mount, integrant, and Stuart Sierra's component.
refining-prompts
Refining and improving user prompts for StickerNest development. Use when the user asks to improve a prompt, make a request clearer, help phrase something better, or when they give a vague request and you want to clarify. Covers prompt engineering, StickerNest context injection, and disambiguation.