Security Suite

This is a meta-skill: it does not replace the specialist security skills. It acts as the security program manager that maps the target, runs the right specialists, merges their findings, and writes a single report.

Default stance: read-only, offline, no source edits, no live exploit attempts, no credential validation, and no target-code execution.

Workflow

Run the audit in five phases.

Phase 1 - Discover the surface

Identify the target directory, optional live domain, and optional advisory/report input. Use references/coverage-matrix.yaml to classify the repo and choose skills.

You may run the deterministic discovery helper: