security-audit

> Agent for `rpa-workflow-resilience-review`. Reviews exported RPA workflow definitions (UiPath XAML, Automation Anywhere, Power Automate Desktop, Blue Prism) for resilience and security defects that cause unattended bots to fail silently in production.

Use this skill to assign consistent risk labels to a Legal or HR matter — severity ratings, privilege and privacy sensitivity labels, retaliation and discrimination risk labels, matter-type classes, escalation-gate triggers, and the audit-log schema. It standardizes the…

Use this skill when reviewing Falco rules files, falco.yaml configuration, or runtime security posture for a Kubernetes workload. Trigger when a user provides Falco rules YAML, asks whether their Falco setup covers a specific threat, questions rule exception scope, or wants to…

Use this skill when reviewing an influencer campaign audit pack — campaign brief, creator agreement excerpt, platform post descriptions or screenshot descriptions, and the disclosure format and placement specification — against FTC Endorsement Guides to identify undisclosed…

Use this skill when reviewing Prometheus or AlertManager configuration for cardinality, alerting correctness, scrape security, remote_write safety, or retention adequacy. Trigger when a user provides prometheus.yml, alertmanager.yml, recording rules YAML, alerting rules YAML, or…

Use this skill when a user provides a Helm chart or asks to review Helm chart quality, security, or testability — including Chart.yaml, values.yaml, templates/, tests/, or chart-testing CI configuration.

Use this skill when the user provides raw Kubernetes YAML manifests or asks to review K8s manifests for quality, security, or policy compliance — covering Deployment, StatefulSet, DaemonSet, Service, Ingress, NetworkPolicy, RBAC, and CRD resources.

Use this skill when reviewing exported RPA workflow definitions for resilience and security defects that cause unattended bots to fail silently in production. Trigger when a user provides UiPath XAML files, Automation Anywhere bot exports, Power Automate Desktop flow…

Use this skill when reviewing Sigstore Cosign supply chain security for Kubernetes workloads. Trigger when the user asks whether images are properly signed, whether Kyverno imageVerify policy is correctly scoped, whether SLSA provenance attestations exist, whether SBOM…

Implement safety guardrails for AI systems — content filtering, prompt injection detection, output validation, bias mitigation, and responsible AI practices. Use when tasks involve adding safety layers to LLM applications, detecting prompt injection attacks, filtering harmful…

Run autonomous AI-driven penetration tests on web applications using tools like Shannon, PentAGI, and similar frameworks. Use when tasks involve setting up automated penetration testing pipelines, combining AI agents with security tools (nmap, subfinder, nuclei, sqlmap),…

Audit Wi-Fi networks with the aircrack-ng suite. Use when a user asks to test their own wireless network, capture WPA2 handshakes, crack captured handshakes offline, put an adapter into monitor mode, or perform a wireless pentest under an authorized engagement.

Implement tamper-evident audit logs for compliance (SOC 2, HIPAA, PCI DSS). Use when building compliance audit trails, tracking who did what and when, or implementing immutable event logs that satisfy regulatory retention requirements.

Check for data breaches and credential leaks using HaveIBeenPwned API and other sources. Use when: checking if an email or domain is in a known breach, assessing corporate credential exposure, password hygiene audits, or pre-engagement phishing simulation scoping.

Test web application security with Burp Suite. Use when a user asks to intercept HTTP traffic, test for web vulnerabilities, fuzz API endpoints, analyze authentication flows, or perform manual web application pentesting.

Protect servers with CrowdSec collaborative security. Use when a user asks to block malicious IPs, detect brute force attacks, protect web servers, or set up a community-driven firewall and intrusion detection system.

Discover hidden content, directories, subdomains, and API endpoints with ffuf — the fastest web fuzzer. Use when someone asks to "find hidden directories", "fuzz URLs", "discover API endpoints", "subdomain enumeration", "content discovery", "ffuf", "brute force paths", or "find…

Brute force directories, files, DNS subdomains, and virtual hosts with Gobuster. Use when a user asks to discover hidden endpoints, enumerate subdomains, find backup files, or perform web content discovery during penetration testing.

GPU-accelerated password hash recovery with hashcat. Use when a user asks to crack NTLM/bcrypt/MD5/SHA/WPA hashes, run mask or rule-based attacks, convert a PCAP to a crackable hash, or benchmark hash cracking throughput on their own hardware.

Run online login brute-force and password spraying with THC Hydra. Use when a user asks to test the login strength of SSH/FTP/HTTP/SMB/RDP services they own, validate a credential list against a target during an authorized engagement, or run a CTF login brute challenge.

Crack password hashes offline with John the Ripper. Use when a user asks to identify an unknown hash format, recover a forgotten password from a local database or ZIP file, run a CTF hash challenge, or audit the strength of hashes from a system they own.

Build custom Maltego transforms for visual OSINT graph analysis and relationship mapping. Use when: mapping connections between domains, IPs, emails, persons, and organizations; visual threat intelligence; complex OSINT correlation across multiple data sources.

Exploit vulnerabilities with Metasploit Framework. Use when a user asks to exploit known CVEs, generate payloads, perform post-exploitation, pivot through networks, or build exploit chains in penetration tests.

Scan web servers for vulnerabilities with Nikto. Use when a user asks to audit web server configuration, find outdated software, detect dangerous files, check for misconfigurations, or perform web server security scanning.

Perform network reconnaissance with Nmap. Use when a user asks to scan networks, discover hosts and services, detect OS versions, find open ports, enumerate service versions, or perform initial reconnaissance for a penetration test.