vibe-security-skill
Vibe Security Skill
Acknowledgement: Shared by Peter Bamuhigire, techguypeter.com, +256 784 464178.
Baseline web-application and SaaS security skill. Produces the four contract artifacts — threat model, abuse case list, auth/authz matrix, secret handling plan — that downstream specialist skills (api-design-first, deployment-release-engineering, observability-monitoring, ai-security, llm-security) consume.
Use When
- Designing a new feature or service that handles authenticated users, personal data, money, or privileged actions.
- Reviewing a web application, REST or GraphQL API, webhook handler, or multi-tenant SaaS for security defects before release.
- Auditing AI-generated code for the blind spots it reliably creates (IDOR, plain-text secrets, missing webhook signatures, no rate limiting).
- Producing the threat model, abuse cases, auth/authz matrix, or secret plan that downstream design, delivery, and ops skills depend on.
Do Not Use When
- The feature is purely cosmetic with no data, auth, or privileged action — apply practical-ui-design instead.
- The security concern is LLM-specific (prompt injection, context exfiltration, tool abuse) — load llm-security or ai-security.
- The task is CI/CD hardening (SBOM, scanner gates, runner isolation) — load cicd-devsecops.
- The task is a full audit of an existing application — load web-app-security-audit, which uses this skill's artifacts as inputs.