Agent-Skills.md

Agent Skills: Security

Token-efficient security skill for threat modeling, secure defaults, and security-focused code review in generic software projects.

UncategorizedID: n-n-code/cpp-agentic-development-frame/security

Repository

n-n-code/cpp-agentic-development-frame
n-n-codeLicense: MIT

Install this agent skill to your local

pnpm dlx add-skill https://github.com/n-n-code/cpp-agentic-development-frame/tree/HEAD/.agents/skills/security

Skill Files

Browse the full folder contents for security.

Download Skill

Loading file tree…

.agents/skills/security/SKILL.md

Skill Metadata

Name
security
Description
Token-efficient security skill for threat modeling, secure defaults, and security-focused code review in generic software projects.

Security

Read AGENTS.md first. This skill adds security-specific guidance.

Default Stance

  • prioritize realistic attacker goals and concrete impact
  • ground claims in actual code, entrypoints, data flows, and deployment shape
  • prefer secure defaults that do not silently break intended behavior

Threat-Model Workflow

  1. Identify components, entrypoints, trust boundaries, assets, and attacker goals.
  2. Separate runtime behavior from build/test/dev tooling.
  3. Enumerate a small set of high-quality abuse paths.
  4. Rank findings by likelihood and impact with explicit assumptions.
  5. Recommend mitigations tied to concrete boundaries or components.

Secure-Review Workflow

When reviewing code for security:

  • look for auth/authz gaps, unsafe parsing, command execution, path traversal, injection, secrets exposure, weak validation, and denial-of-service risks
  • note where types/contracts could make misuse harder
  • distinguish critical findings from hygiene improvements

Reporting Rules

  • findings first, ordered by severity
  • include concrete file references and impacted asset/boundary
  • make assumptions explicit
  • avoid generic checklist noise when the repo evidence does not support it