Security Suite

Purpose: Provide composable, repeatable security/internal-testing primitives for authorized binaries and repo-managed prompt surfaces.

This skill separates concerns into primitives so security workflows stay testable and reusable.

Guardrails

• Use only on binaries you own or are explicitly authorized to assess.
• Do not use this workflow to bypass legal restrictions or extract third-party proprietary content without authorization.
• Prefer behavioral assurance and policy gating over ad-hoc one-off reverse-engineering.

Primitive Model

1. collect-static — file metadata, runtime heuristics, linked libraries, embedded archive signatures.
2. collect-dynamic — sandboxed execution trace (processes, file changes, network endpoints).
3. collect-contract — machine-readable behavior contract from help-surface probing.
4. compare-baseline — current vs baseline contract drift (added/removed commands, runtime change).
5. enforce-policy — allowlist/denylist gates and severity-based verdict.
6. collect-redteam — offline repo-surface attack-pack scan for prompt-injection, tool-misuse, secret-exfiltration, and unsafe-shell regressions.