security-audit

> Agent for gcp-daily-operations-briefing-coordinator. Coordinate the daily GCP operations standup — cost delta from previous day, quota warning review, failed deployment detection, Security Command Center finding triage, SLO burn rate alert review, and action item assignment.

> Agent for `gcp-gke-platform-operator`. Operate GKE clusters (Standard and Autopilot), manage node pools, configure Workload Identity, enforce Binary Authorization, plan node pool upgrades, and review cluster security posture.

> Agent for `gcp-iam-least-privilege-review`. Audit GCP IAM bindings across the resource hierarchy (org/folder/project), identify overprivileged Service Accounts, review Workload Identity Federation configurations, evaluate org policy conditions, and recommend least-privilege…

> Agent for `gcp-landing-zone-architect`. Design and review GCP landing zone foundations: organization setup, folder hierarchy, resource hierarchy, org policies baseline, Shared VPC, billing account structure, Security Command Center activation, and audit logging.

> Agent for `gcp-live-gke-rollout-guard`. Gate GKE deployment mutations, node pool upgrades, and cluster control-plane version changes against rollback posture and PDB audit before any production change.

> Agent for `gcp-live-iam-policy-change-guard`. Gate IAM binding mutations, org policy changes, and Service Account key creation — org-wide blast radius, cannot be undone without a full audit trail.

> Agent for `gcp-networking-observability`. Investigate GCP network issues using VPC Flow Logs, firewall logs, Cloud NAT logs, threat logs, and networking metrics with a BigQuery-first methodology.

> Agent for gcp-registry-artifact-governor. Govern GCP Artifact Registry — container image signing via Binary Authorization, vulnerability scanning via Container Analysis, repository IAM least privilege, artifact retention policies, and supply chain security posture.

> Agent for `gcp-secret-kms-lifecycle-steward`. Audit and govern Cloud KMS key lifecycles, Secret Manager secrets, CMEK configurations across GCP services (Cloud SQL, BigQuery, GCS, Compute), key rotation schedules, and envelope encryption patterns.

> Agent for `gcp-security-posture-hardening`. Review GCP security posture via Security Command Center findings, CIS GCP Benchmark gaps, org policy enforcement baseline, Assured Workloads controls, and CSPM recommendations.

> Agent for `gcp-solution-architect`. Design GCP solutions aligned with the Google Cloud Architecture Framework — reliability, security, cost optimization, operational excellence, and performance efficiency — covering resource hierarchy design, product selection, and…

> Agent for `gcp-waf-security-review`. Evaluates GCP workload security posture against the Well-Architected Framework security pillar.

Review Amazon Bedrock agents, AgentCore, Guardrails, knowledge bases, action groups, memory, MCP/tool integrations, prompt-injection and prompt-leakage defenses, PII handling, encryption, logging, observability, and least-privilege IAM. Use for AWS-native GenAI and agent…

Map AWS compliance evidence for audits across Security Hub controls, AWS Config rules/conformance packs, Audit Manager assessments, evidence folders, manual evidence, AWS Artifact reports, CloudTrail, and control narratives. Use for evidence packaging and audit readiness, not…

Review and design AWS landing zones, AWS Control Tower environments, Organizations structures, OUs, account vending patterns, guardrails, central logging, security/audit accounts, and multi-account governance. Use when the user asks how to structure AWS accounts or govern a…

Use this skill when reviewing AWS ACM Private CA (Private Certificate Authority) issuer configurations for cert-manager. Trigger on any request to audit AWSPCAIssuer, AWSPCAClusterIssuer, IRSA policy for cert-manager, certificate template ARNs, CRL configuration, or…

Review broad AWS security posture across Security Hub CSPM, GuardDuty, Inspector, Macie, Config, CloudTrail, IAM, public exposure, vulnerability findings, and remediation governance. Prefer compliance evidence mapper for audit evidence packs, IAM skill for policy surgery, S3…

Review AWS workloads against the Well-Architected Framework Security Pillar: identity foundations, detective controls, infrastructure protection, data protection, and incident response readiness.

Design and operate Apigee X API proxies — rate limiting, OAuth/JWT security policies, quota plans, developer portal setup, and API product management.

Configure Assured Workloads for regulated workloads (FedRAMP High/Moderate, HIPAA, PCI-DSS, ITAR, IL4/IL5), audit controls implementation, and gather compliance evidence using Security Command Center and Asset Inventory.

Coordinate the daily GCP operations standup — cost delta from previous day, quota warning review, failed deployment detection, Security Command Center finding triage, SLO burn rate alert review, and action item assignment.

Operate GKE clusters (Standard and Autopilot), manage node pools, configure Workload Identity, enforce Binary Authorization, plan node pool upgrades, and review cluster security posture.

Audit GCP IAM bindings across the resource hierarchy (org/folder/project), identify overprivileged Service Accounts, review Workload Identity Federation configurations, evaluate org policy conditions, and recommend least-privilege remediation. Prefer…

Design and review GCP landing zone foundations including organization setup, folder hierarchy, org policy baseline, Shared VPC, billing account structure, Security Command Center, and audit logging.

Gate BigQuery dataset deletion, table truncation, and authorized view changes against a full downstream dependency audit and export confirmation. Dataset deletion is immediate and permanent with no recycle bin — this guard ensures no dataset is deleted without enumerating all…