code-security


Code Security

When to Use

  • Write or review application code for common vulnerability classes (injection, XSS, auth, crypto, SSRF, XXE, deserialization)
  • Review secrets handling, session/JWT patterns, and transport security in code
  • Review Terraform, Kubernetes manifests, Dockerfiles, or GitHub Actions for security misconfigurations
  • Proactively harden code that accepts user input, performs I/O, queries databases, or calls external URLs
  • Map findings to CWE/OWASP categories and suggest concrete secure patterns

When NOT to Use

  • Plan or execute authorized penetration tests, exploit chains, or red-team campaigns → ai-redteam, cybersecurity, penetration-tester, red-team-specialist
  • Map controls to SOC 2, ISO 27001, or build audit evidence packages → compliance-engineer, compliance-specialist
  • Deploy SIEM, IdP, KMS, WAF, or operate security tooling → information-security-engineer
  • Configure CI/CD scanners, SBOM, OIDC, or pipeline gates without secure-coding review → devsecops
  • Author YARA or malware detection rules → yara-rule-authoring
  • General feature design, RFCs, or refactoring without a security lens → senior-software-engineer

Installs: 20
GitHub Stars: 2
First Seen: May 20, 2026
code-security — daemon-blockint-tech/agentic-enteprises-skill