Agent-Skills.md

Agent Skills: Cybersecurity Risk Assessor Skill

Medical device cybersecurity risk assessment skill per FDA premarket and postmarket guidance

Risk ManagementID: a5c-ai/babysitter/cybersecurity-risk-assessor

Repository

a5c-ai/babysitter
a5c-aiLicense: MIT
244

Install this agent skill to your local

pnpm dlx add-skill https://github.com/a5c-ai/babysitter/tree/HEAD/library/specializations/domains/science/biomedical-engineering/skills/cybersecurity-risk-assessor

Skill Files

Browse the full folder contents for cybersecurity-risk-assessor.

Download Skill

Loading file tree…

library/specializations/domains/science/biomedical-engineering/skills/cybersecurity-risk-assessor/SKILL.md

Skill Metadata

Name
cybersecurity-risk-assessor
Description
Medical device cybersecurity risk assessment skill per FDA premarket and postmarket guidance

Cybersecurity Risk Assessor Skill

Purpose

The Cybersecurity Risk Assessor Skill evaluates cybersecurity risks for medical devices per FDA guidance and IEC 81001-5-1, supporting threat modeling, vulnerability assessment, and security control implementation.

Capabilities

  • Threat modeling (STRIDE methodology)
  • Vulnerability assessment
  • SBOM (Software Bill of Materials) generation
  • Security control identification
  • Penetration testing planning
  • Cybersecurity documentation for FDA submissions
  • Attack surface analysis
  • Security architecture review
  • Coordinated vulnerability disclosure planning
  • Postmarket cybersecurity management
  • Patch management planning

Usage Guidelines

When to Use

  • Assessing device cybersecurity risks
  • Planning penetration testing
  • Preparing FDA cybersecurity submissions
  • Managing software dependencies

Prerequisites

  • Software architecture documented
  • Network connectivity defined
  • Data flows identified
  • Third-party components cataloged

Best Practices

  • Integrate cybersecurity from design inception
  • Maintain current SBOM
  • Plan for security updates throughout lifecycle
  • Establish vulnerability disclosure process

Process Integration

This skill integrates with the following processes:

  • Software Development Lifecycle (IEC 62304)
  • Medical Device Risk Management (ISO 14971)
  • 510(k) Premarket Submission Preparation
  • Post-Market Surveillance System Implementation

Dependencies

  • FDA Cybersecurity guidance
  • IEC 81001-5-1 standard
  • SBOM tools (CycloneDX, SPDX)
  • Vulnerability databases (NVD, CVE)
  • Threat modeling frameworks

Configuration

cybersecurity-risk-assessor:
  threat-methodologies:
    - STRIDE
    - PASTA
    - attack-trees
  sbom-formats:
    - CycloneDX
    - SPDX
  security-tiers:
    - Tier-1-higher
    - Tier-2-standard
  control-frameworks:
    - NIST-CSF
    - IEC-62443

Output Artifacts

  • Threat models
  • Vulnerability assessments
  • SBOM documents
  • Security architecture documents
  • Penetration test plans
  • FDA cybersecurity submissions
  • Security control matrices
  • Patch management plans

Quality Criteria

  • All threat vectors identified
  • Vulnerabilities assessed with CVSS scores
  • SBOM is complete and current
  • Security controls address identified risks
  • Documentation meets FDA requirements
  • Postmarket security plan established