Penetration Testing
296 skills in Testing & Security > Penetration Testing
vulnerability-triage-prioritization
Assess vulnerability severity using CVSS scoring, classify vulnerability types (CVE vs compliance), detect false positives, and prioritize remediation workflows. Use when analyzing vulnerability data, calculating risk scores, or determining remediation priority.
ai-security-expert
Enterprise AI security patterns - LLM vulnerabilities, prompt injection defense, guardrails, PII protection, and OWASP LLM Top 10 mitigations
avalonia-dependency-injection
Patterns for using GenericHost and DI in AvaloniaUI
wordpress-security-validation
Security-first WordPress development with nonces, sanitization, validation, and escaping to prevent XSS, CSRF, and SQL injection vulnerabilities.
csharp-dotnet
Principal .NET 10 Architect providing high-performance, idiomatic C# 14 solutions. Use when user asks about: .NET design patterns (Singleton, Factory, CQRS, Repository, Options Pattern); C# coding style and best practices; Architecture decisions (Minimal APIs, Modular Monoliths); Modern C# implementations with primary constructors, records, field keyword. Triggers: ".NET", "C#", "design pattern", "architecture", "Minimal API", "primary constructor", "record type", "Options Pattern", "Singleton", "Factory", "CQRS", "Repository pattern", "dependency injection"
security-audit
Perform automated security analysis on code changes to identify common vulnerabilities including SQL injection, path traversal, hardcoded secrets, XSS, and insecure API usage. Reviews Python code for OWASP Top 10 vulnerabilities.
unity-architecture
This skill should be used when the user asks about "game architecture", "design patterns", "manager pattern", "singleton pattern", "ScriptableObject", "ScriptableObject architecture", "event system", "Observer pattern", "pub-sub", "MVC in Unity", "dependency injection", "service locator", or needs guidance on structuring Unity projects and game systems.
flamework-roblox-ts
Build Roblox games with Flamework, a TypeScript framework. Use when creating services, controllers, components, networking (RemoteEvents/RemoteFunctions), dependency injection, lifecycle events, or working with Flamework decorators, macros, and configuration.
fastapi-patterns
Automatically applies when creating FastAPI endpoints, routers, and API structures. Enforces best practices for endpoint definitions, dependency injection, error handling, and documentation.
fastapi-patterns
This skill should be used when the user asks to "create a FastAPI endpoint", "add async route", "implement dependency injection", "create middleware", "handle exceptions", "structure FastAPI project", or mentions FastAPI patterns, routers, or API design. Provides comprehensive FastAPI development patterns with async best practices.
typescript-development
Helps build and extend TypeScript Express APIs using Clean Architecture, inversify dependency injection, Prisma ORM, and Railway deployment patterns established in the upkeep-io project.
coding-guidelines-java
Comprehensive coding standards for Java and Spring Boot projects. Use when writing new code, refactoring, or setting up project structure. Focuses on robustness, immutability, dependency injection, and maintainability.
security-audit-checklist
Provides exhaustive security vulnerability checklists with severity classifications, point deductions, and detection commands. Use when performing security audits, code reviews, penetration testing preparation, or checking OWASP compliance.
angular-migration
Migrate from AngularJS to Angular using hybrid mode, incremental component rewriting, and dependency injection updates. Use when upgrading AngularJS applications, planning framework migrations, or modernizing legacy Angular code.
pop-assessment-security
Validates PopKit security posture using concrete vulnerability patterns, automated secret scanning, and OWASP-aligned checklists
detecting-injection
Detects various injection vulnerabilities including SQL injection, LDAP injection, XPath injection, and code injection. Use when analyzing database queries, dynamic code generation, or investigating injection attacks.
security-audit
OWASP Top 10, vulnerability scanning, security best practices
security-review
Audit code for security vulnerabilities using OWASP Top 10 guidelines. Use for security audits, pre-deployment checks, authentication reviews, or when checking for XSS, SQL injection, CSRF, or authorization issues. EXCLUSIVE to security-expert agent.
testing-web-applications
Test web applications for security vulnerabilities including SQLi, XSS, command injection, JWT attacks, SSRF, file uploads, XXE, and API flaws. Use when pentesting web apps, analyzing authentication, or exploiting OWASP Top 10 vulnerabilities.
preventing-sql-injection
Prevent SQL injection by using $queryRaw tagged templates instead of $queryRawUnsafe. Use when writing raw SQL queries or dynamic queries.