Security & Testing Agent Skills

AppSec Information Disclosure Auditor

Analyzes source code to identify and mitigate sensitive data leakage, verbose error messages, and unauthorized information disclosure risks.

Crypto Security Auditor

Audits source code for cryptographic vulnerabilities, weak encryption algorithms, and insecure secret management based on OWASP standards.

Authentication Security Auditor

Audits source code for authentication vulnerabilities and session management failures to align with OWASP security standards.

AppSec Security Fix Generator

Generates and applies production-ready code fixes for security vulnerabilities and findings identified within your codebase.

PASTA Threat Modeling

Conducts sequential, risk-centric threat modeling using the 7-stage PASTA framework to align security findings with business objectives.

Threat Modeling & Security Architecture

Automates architecture-level threat modeling and STRIDE analysis to identify security gaps and visualize data flows.

GraphQL Security Auditor

Analyzes GraphQL endpoints and schemas for critical security vulnerabilities like introspection leaks, depth abuse, and missing authorization.

WebSocket Security Auditor

Analyzes WebSocket implementations for security vulnerabilities like CSWSH, missing authentication, and inadequate message validation.

Security Report Generator

Generates comprehensive security reports from vulnerability findings, scanner results, and analysis data.

Security Explainer

Explains complex security frameworks, vulnerability categories, and specific findings using real-world examples from your own codebase.

Repudiation & Audit Analysis

Analyzes source code for repudiation threats by identifying missing audit logs, insufficient event tracking, and log tampering vulnerabilities.

Ark Dashboard & UI Testing

Automates Ark Dashboard UI testing and screenshot generation for pull requests using Playwright and Kubernetes.

PASTA Application Decomposition

Analyzes application architecture to identify components, trust boundaries, and data sensitivity for formal threat modeling.

Ark Security Issue Resolver

Identifies and remediates common security vulnerabilities and penetration testing findings within the Ark framework.

AppSec Logging Auditor

Analyzes source code to identify security logging failures, sensitive data exposure in logs, and improper monitoring configurations.

SANS/CWE Top 25 Security Analyzer

Analyzes codebases for the SANS/CWE Top 25 most dangerous software weaknesses to identify and fix critical security vulnerabilities.

File Upload Security Auditor

Secures applications by identifying file upload vulnerabilities like path traversal, zip slip, and missing server-side validation.

API Security Audit

Analyzes REST and RPC APIs for security vulnerabilities aligned with the OWASP API Security Top 10.

Ark Vulnerability Fixer

Streamlines CVE research and automates security patch workflows for the Ark agentic resource platform.

Access Control Security Auditor

Analyzes source code to identify and remediate broken access control vulnerabilities including IDOR, CORS leaks, and privilege escalation.

AppSec Fix Verification

Validates security remediations by re-running scanners and performing deep AI code analysis to confirm vulnerabilities are fully resolved.

Identity Spoofing Security Analysis

Analyzes source code to identify and remediate identity spoofing vulnerabilities and authentication weaknesses based on the STRIDE threat model.

Ark Chainsaw Testing

Executes and authors end-to-end tests for Ark agentic resources using the Chainsaw testing framework.

MITRE ATT&CK Security Mapper

Enriches security findings by mapping vulnerabilities to the MITRE ATT&CK framework to visualize threat patterns and attack chains.

Fuzz Test Generation

Generates intelligent, context-aware fuzz test inputs and security test cases by analyzing application input parsers and data handlers.

Hedera Hackathon Submission Validator

Evaluates Hedera hackathon projects against official judging criteria to provide weighted scores and actionable codebase improvements.

AppSec Project Assessment

Analyzes codebase architecture, tech stacks, and data sensitivity to recommend a prioritized security testing strategy.

SSRF Security Audit

Analyzes source code to identify and mitigate Server-Side Request Forgery (SSRF) vulnerabilities and unauthorized internal network access.

Security Misconfiguration Auditor

Audits application and infrastructure configurations to identify and remediate security vulnerabilities based on OWASP standards.

Data Integrity & Tampering Analysis

Identifies security vulnerabilities related to unauthorized data modification and injection attacks using the STRIDE threat model.