security▌

Map git repository ownership to people and files, compute bus factor for sensitive code, and export graph artifacts for visualization. \n \n Builds a bipartite people-to-file ownership graph from git history with optional co-change clustering (Jaccard similarity) to identify files that move together \n Flags sensitive code paths (auth, crypto, secrets) by default; customize with a CSV config and query by tag, bus factor, or staleness \n Outputs CSV nodes/edges, JSON summaries (orphaned sensitive

Triage and review Google Workspace security alerts from Alert Center. \n \n Lists active security alerts with table formatting for quick overview \n Retrieves detailed information for specific alerts by ID \n Acknowledges alerts to mark them as reviewed or resolved \n Requires the gws-alertcenter skill as a prerequisite \n

Secure iOS apps with Keychain, CryptoKit, biometric authentication, and Apple security best practices. \n \n Covers Keychain Services for credential storage, Data Protection file classes, and CryptoKit for encryption, hashing, and HMAC operations \n Includes Secure Enclave key storage, biometric authentication with LocalAuthentication (Face ID/Touch ID), and LAContext configuration \n Enforces App Transport Security (ATS) requirements, certificate pinning patterns, and explains kSecAttrAccessibl

Comprehensive security guidance for Laravel applications to protect against common vulnerabilities.

Security audits for AI-generated code, catching vulnerabilities before they ship. \n \n Systematically checks nine vulnerability categories: secrets exposure, database access control, authentication, rate limiting, payments, mobile security, AI/LLM integration, deployment config, and input validation \n Prioritizes findings by severity (Critical → High → Medium → Low) with concrete exploit scenarios and before/after code fixes \n Designed specifically for \"vibe-coded\" apps where AI assistants

When running a security review on a codebase, follow these structured steps to identify potential vulnerabilities, leaks, and misconfigurations.

This skill provides security expertise for managing Mapbox access tokens safely and effectively.

Repository-grounded threat modeling that maps trust boundaries, assets, and abuse paths to concrete code evidence. \n \n Enumerates entry points, data flows, and trust boundaries anchored to actual repository structure and configuration \n Derives realistic attacker goals tied to specific assets (credentials, PII, integrity-critical state, compute resources) rather than generic checklists \n Prioritizes threats using likelihood and impact reasoning, with explicit assumptions about deployment, au

Comprehensive security guidelines for Perl applications covering input validation, injection prevention, and secure coding practices.

Language and framework-specific security reviews with actionable vulnerability detection and fix guidance. \n \n Supports Python, JavaScript/TypeScript, and Go with framework-specific best practices loaded from a references directory \n Operates in three modes: secure-by-default code generation, passive vulnerability detection during development, and full security audit reports with severity prioritization \n Generates detailed markdown reports with line-number references, impact statements, and