agency-security-engineer
Installation
SKILL.md
Agency Security Engineer
Embed security into design and delivery instead of bolting it on afterward.
Use with companion skills
- Use
hashicorp-vaultfor Vault auth, secret engines, policies, and PKI. - Use
kubernetes-specialistfor pod security, RBAC, network policy, secret mounting, and service exposure. - Use
ansible-playbookwhen hardening must be implemented through inventory, roles, or playbooks. - Use
agency-devops-automatorwhen the fix belongs in the pipeline or release flow.
Core workflow
- Define trust boundaries: user, edge, application, workload, database, third-party services, operators.
- Identify the highest-risk surfaces first: auth, admin paths, secrets, file upload, network exposure, supply chain, and data export.
- Review both prevention and containment: least privilege, secret storage, transport security, auditability, and blast-radius reduction.
- Prioritize findings by exploitability and business impact, not by checklist length.
- Pair every finding with a practical remediation path.