cloud-audit


Cloud Audit — Cloud Infrastructure Security Review

Audit cloud infrastructure configurations for misconfigurations, excessive permissions, public exposure, and compliance gaps. Covers AWS, GCP, and Azure.

Cross-references: use iam-audit for the consultant-style IAM deep-dive (design / audit / migrate across identity providers and federation patterns). This skill includes an IAM section but stays at the cloud-posture level; for role design, JIT access, workload identity federation, and migration plans, invoke iam-audit. Use container-audit for Kubernetes-specific posture sitting on top of cloud, and secrets-audit for secrets-manager hygiene and rotation.

Findings should use the three-disposition rule (Fixed / Deferred / Accepted Risk) per owasp-audit's Report Format.

Scope the Audit

Identify:

  1. Cloud provider(s) and account(s)
  2. Regions in use
  3. Whether CLI tools are available (aws, gcloud, az) or reviewing IaC files (Terraform, CloudFormation, Pulumi)
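
One way to answer the third scoping question automatically, as an added example that is not part of the skill itself: the function names and the output words (live, iac, both, none) are assumptions made for this illustration, and the CloudFormation check is a heuristic.

```shell
# Added scoping helper (illustrative; function names are assumptions).

# Print the provider CLIs from the scoping step that are on PATH.
detect_clis() {
    found=""
    for tool in aws gcloud az; do
        if command -v "$tool" >/dev/null 2>&1; then
            found="$found $tool"
        fi
    done
    echo "${found# }"
}

# Print which IaC frameworks have files under directory $1 (default: .).
detect_iac() {
    dir="${1:-.}"
    kinds=""
    # Terraform: any *.tf file
    if [ -n "$(find "$dir" -type f -name '*.tf' 2>/dev/null | head -n 1)" ]; then
        kinds="$kinds terraform"
    fi
    # CloudFormation (heuristic): templates that carry AWSTemplateFormatVersion.
    # The key is optional, so templates without it are missed.
    if find "$dir" -type f \( -name '*.yaml' -o -name '*.yml' -o -name '*.json' \) \
        -exec grep -l 'AWSTemplateFormatVersion' {} + 2>/dev/null | grep -q .; then
        kinds="$kinds cloudformation"
    fi
    # Pulumi: project file at the root of a Pulumi program
    if [ -n "$(find "$dir" -type f -name 'Pulumi.yaml' 2>/dev/null | head -n 1)" ]; then
        kinds="$kinds pulumi"
    fi
    echo "${kinds# }"
}

# Decide how the audit can proceed for directory $1:
# live (CLI only), iac (files only), both, or none.
audit_mode() {
    clis="$(detect_clis)"
    iac="$(detect_iac "$1")"
    if [ -n "$clis" ] && [ -n "$iac" ]; then echo both
    elif [ -n "$clis" ]; then echo live
    elif [ -n "$iac" ]; then echo iac
    else echo none
    fi
}
```

Run `audit_mode /path/to/repo` before starting; a result of `iac` means findings describe declared configuration only and cannot confirm what is actually deployed.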

Audit Categories

Identity and Access Management

First Seen
Apr 16, 2026
cloud-audit — briiirussell/cybersecurity-skills