sast-idor
Automated detection of IDOR vulnerabilities using a three-phase subagent workflow to verify authorization and ownership checks on sensitive endpoints.
Discover reusable agent skills, browse implementation details, and find the right skill for your workflow.
Audit AI skills for security vulnerabilities including prompt injection, hidden instructions, tool misuse, and data exfiltration risks.
Convert PRDs, API docs, and requirements into structured acceptance, testing, integration, and launch checklists.
Initiates automated reverse engineering by discovering codebase architecture, layers, and technology stacks to facilitate system modernization or documentation.
A configuration and usage guide for the XRequest tool within the Ant Design X SDK, streamlining network integration for streaming AI interfaces.
Security-first auditing framework for AI-generated code. Provides multi-level protection including hardcoded secret detection, dangerous pattern identification, and comprehensive vulnerability audits for modern web applications.
Full-stack SDLC agent workflow managing the entire production lifecycle from intake and planning to automated testing, CI/CD, and infrastructure deployment using MCP tools.
Performs end-to-end OT/ICS threat modeling using Microsoft TMT exports and model files, mapping threats to MITRE ATT&CK for ICS, CWE, and CVSS v4.0 with automated risk-based prioritization.
Analyze codebases to generate evidence-grounded Loa artifacts using Enterprise-Grade Managed Scaffolding for structured reality mapping.
Automated security auditing for project dependencies. Scans package files (npm, pip, maven, etc.) for vulnerabilities, CVEs, and license issues, offering automated fix suggestions and integration for secure deployment workflows.
Automated security skill for identifying and validating XSS vulnerabilities, including Reflected, Stored, and DOM-based attacks across various contexts.
End-to-end startup idea validation using S.E.E.D. niche checks, STREAM 6-layer analysis, and Devil's Advocate inversion to generate PRDs.