xss-prevention
Prevent Cross-Site Scripting (XSS) attacks through input sanitization, output encoding, and Content Security Policy. Use when handling user-generated content in web applications.
api-rate-limiting
Implement API rate limiting strategies using token bucket, sliding window, and fixed window algorithms. Use when protecting APIs from abuse, managing traffic, or implementing tiered rate limits.
api-security-hardening
Secure REST APIs with authentication, rate limiting, CORS, input validation, and security middleware. Use when building or hardening API endpoints against common attacks.
symfony:api-platform-security
Secure API Platform resources with security expressions, voters, and operation-level access control
symfony:rate-limiting
Implement rate limiting with Symfony RateLimiter component; configure sliding window, token bucket, and fixed window algorithms
discover-cryptography
Automatically discover cryptography skills when working with encryption, TLS, certificates, PKI, and security
discover-security
Automatically discover security skills when working with authentication, authorization, input validation, security headers, vulnerability assessment, or secrets management. Activates for application security, OWASP, and security hardening tasks.
discover-protocols
Automatically discover protocol skills when working with HTTP, TCP, UDP, QUIC, and network protocols
mapbox-token-security
Security best practices for Mapbox access tokens, including scope management, URL restrictions, rotation strategies, and protecting sensitive data. Use when creating, managing, or advising on Mapbox token security.
ffuf-web-fuzzing
Expert guidance for ffuf web fuzzing during penetration testing, including authenticated fuzzing with raw requests, auto-calibration, and result analysis
waf-bypass-hunter
Bypass a Coraza WAF protecting a vulnerable Next.js 16 backend. Analyze parser differentials between Go (WAF) and Node.js (backend) to find bypasses.
ctf-solver
Solve CTF (Capture The Flag) challenges by analyzing challenge descriptions, source code, and interacting with challenge environments to capture flags.
vps-checkup
SSH into an Ubuntu VPS (Docker) for a read-only health/security/update report (UFW + fail2ban) and propose fixes; apply updates/restarts only with explicit confirmation. Use when the user wants a read-only VPS health/security check.
vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
red-team-tactics
Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
cloudflare-turnstile
repomix-safe-mixer
Safely package codebases with repomix by automatically detecting and removing hardcoded credentials before packing. Use when packaging code for distribution, creating reference packages, or when the user mentions security concerns about sharing code with repomix.
security
OWASP security patterns, secrets management, security testing