florianbuetow

@florianbuetow

GitHub
34 Skills
306 Total Stars
March 2026 Joined

Public Skills

full-audit

by florianbuetow

This skill should be used when the user asks for a "full security audit", "exhaustive audit", "comprehensive security review", or invokes /appsec:full-audit. Launches every framework, every tool, and every red team agent, producing a dated report file.

Analytics 9 3mo ago

linking

by florianbuetow

This skill should be used when the user asks to "check for linkability", "analyze cross-service tracking", "find privacy issues related to user correlation", "check for cross-domain tracking", or mentions "linkability" in a privacy context. Maps to LINDDUN category L.

Analytics 9 3mo ago

config

by florianbuetow

This skill should be used when the user asks to "configure security", "appsec settings", "security preferences", or invokes /appsec:config. Manages security tool preferences and thresholds.

Code Review 9 3mo ago

regression

by florianbuetow

This skill should be used when the user asks to "check for regressions", "verify fixes still hold", "regression test security", "check for reintroduced vulnerabilities", "security regression check", or "verify no old bugs returned". Also triggers when the user wants to confirm that previously fixed vulnerabilities have not been reintroduced by recent code changes.

Code Review 9 3mo ago

non-compliance

by florianbuetow

This skill should be used when the user asks to "check for non-compliance", "analyze GDPR compliance", "find CCPA violations", "check HIPAA compliance", "audit regulatory requirements", or mentions "non-compliance" in a privacy context. Maps to LINDDUN category N2. No STRIDE equivalent exists.

Code Review 9 3mo ago

non-repudiation-privacy

by florianbuetow

This skill should be used when the user asks to "check for non-repudiation privacy risks", "analyze excessive audit logging", "find privacy issues related to accountability", "check for forced identity linking", or mentions "non-repudiation" in a privacy context. Maps to LINDDUN category N. This is the INVERSE of STRIDE repudiation -- here too much proof is the threat.

Auth 9 3mo ago

identifying

by florianbuetow

This skill should be used when the user asks to "check for identifiability", "analyze re-identification risks", "find privacy issues related to anonymization", "check for PII exposure", or mentions "identifiability" in a privacy context. Maps to LINDDUN category I.

Code Review 9 3mo ago

detecting

by florianbuetow

This skill should be used when the user asks to "check for detectability", "analyze timing side channels", "find privacy issues related to traffic analysis", "check for metadata leakage", or mentions "detectability" in a privacy context. Maps to LINDDUN category D1.

API Dev 9 3mo ago

outdated-deps

by florianbuetow

This skill should be used when the user asks to "check for vulnerable dependencies", "audit dependencies", "find outdated packages", "scan for CVEs", "check for typosquatting", or mentions "vulnerable components", "outdated dependencies", or "supply chain" in a security context. Maps to OWASP Top 10 2021 A06: Vulnerable and Outdated Components.

Code Review 9 3mo ago

misconfig

by florianbuetow

This skill should be used when the user asks to "check for misconfigurations", "analyze security headers", "find misconfigured settings", "check CORS policy", "find debug mode", "audit server configuration", or mentions "misconfiguration" in a security context. Maps to OWASP Top 10 2021 A05: Security Misconfiguration.

Processing 9 3mo ago

insecure-design

by florianbuetow

This skill should be used when the user asks to "check for design flaws", "analyze security design", "find insecure design patterns", "review threat model", "check business logic security", "find missing security controls", or mentions "insecure design" in a security context. Maps to OWASP Top 10 2021 A04: Insecure Design.

Security 9 3mo ago

fix

by florianbuetow

This skill should be used when the user asks to "fix security finding", "fix vulnerability", "generate security fix", "appsec fix", "patch vulnerability", "remediate finding", or "apply security patch". Also triggers when the user references a finding ID (e.g., INJ-001) and asks for a fix, or points to a file:line and asks to fix the security issue there.

Code Gen 9 3mo ago

report

by florianbuetow

This skill should be used when the user asks to "generate security report", "create appsec report", "export findings", "security summary", "findings report", "executive security summary", or "export to SARIF". Also triggers when the user wants a formatted overview of all security findings, remediation progress, scanner coverage, or needs to share security status with stakeholders.

Analytics 9 3mo ago

integrity

by florianbuetow

This skill should be used when the user asks to "check for integrity issues", "analyze deserialization", "find supply chain vulnerabilities", "review CI/CD security", "check SRI", or mentions "deserialization", "integrity", "pipeline security", "code signing", or "supply chain" in a security context. Maps to OWASP Top 10 2021 A08: Software and Data Integrity Failures.

CI/CD 9 3mo ago

auth

by florianbuetow

This skill should be used when the user asks to "check for authentication issues", "analyze auth", "find credential vulnerabilities", "review login security", "check session management", or mentions "authentication", "passwords", "MFA", "sessions", or "brute force" in a security context. Maps to OWASP Top 10 2021 A07: Identification and Authentication Failures.

Auth 9 3mo ago

business-logic

by florianbuetow

This skill should be used when the user asks to "check business logic security", "find logic flaws", "audit workflow security", "check for coupon abuse", "detect negative amount exploits", "analyze state machine security", or mentions "business logic", "workflow bypass", "negative amount", "coupon abuse", "self-referral", "state manipulation", or "time-based exploit" in a security context.

Agents 9 3mo ago

api

by florianbuetow

This skill should be used when the user asks to "check API security", "audit REST API", "find BOLA vulnerabilities", "check for mass assignment", "analyze API rate limiting", "detect excessive data exposure", or mentions "API security", "BOLA", "IDOR", "mass assignment", "rate limiting", "broken function-level authorization", "excessive data exposure", or "OWASP API Top 10" in a security context.

API Dev 9 3mo ago

file-upload

by florianbuetow

This skill should be used when the user asks to "check file upload security", "analyze upload validation", "find upload vulnerabilities", "check for zip slip", "audit file upload handling", or mentions "file upload", "upload validation", "content-type check", "magic bytes", "zip slip", or "path traversal in upload" in a security context.

Code Review 9 3mo ago

graphql

by florianbuetow

This skill should be used when the user asks to "check GraphQL security", "analyze GraphQL endpoint", "find GraphQL vulnerabilities", "audit GraphQL schema", "check for introspection", "analyze query depth", or mentions "GraphQL", "introspection", "query depth limit", "query complexity", "GraphQL batching", "alias abuse", or "per-field authorization" in a security context.

API Dev 9 3mo ago

data-flows

by florianbuetow

This skill should be used when the user asks to "map data flows", "trace data through the system", "show how data moves", "identify trust boundaries", "find where data is encrypted or decrypted", "map PII flows", or "trace input to storage". Also triggers when the user asks about data transformation pipelines, where sensitive data is processed, or how user input reaches databases or external services.

API Dev 9 3mo ago

pasta-attack-sim

by florianbuetow

This skill should be used when the user asks to "simulate attacks", "build attack trees", "model exploit chains", "score exploitability", or is running PASTA stage 6. Also triggers when the user asks about attack scenarios, red team simulation, DREAD scoring, or detection gap analysis in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 6 of 7).

Agents 9 3mo ago

pasta-threats

by florianbuetow

This skill should be used when the user asks to "analyze threats", "identify threat actors", "map attack vectors", "cross-reference MITRE ATT&CK", or is running PASTA stage 4. Also triggers when the user asks about adversary tactics, supply chain threats, or threat intelligence in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 4 of 7).

Agents 9 3mo ago

attack-surface

by florianbuetow

This skill should be used when the user asks to "map attack surface", "list entry points", "inventory API endpoints", "find all inputs", "enumerate routes", "discover exposed endpoints", or "map external interfaces". Also triggers when the user asks about exposed APIs, form handlers, file upload endpoints, WebSocket handlers, CLI argument parsers, or wants to understand where external data enters the system.

API Dev 9 3mo ago

harden

by florianbuetow

This skill should be used when the user asks to "harden code", "security hardening", "improve security posture", "add security headers", "tighten security", "defensive coding suggestions", or "proactive security improvements". Also triggers when the user asks about CSP, CORS hardening, rate limiting, input validation improvements, security logging, or defense-in-depth measures.

Code Review 9 3mo ago

pasta-decompose

by florianbuetow

This skill should be used when the user asks to "decompose the application", "map trust boundaries", "identify components and roles", "catalog permissions", or is running PASTA stage 3. Also triggers when the user asks about role-based access control mapping, data classification, or service-to-service trust in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 3 of 7).

Auth 9 3mo ago

logging

by florianbuetow

This skill should be used when the user asks to "check for logging issues", "analyze security logging", "find missing audit logs", "check for log injection", "audit monitoring configuration", or mentions "logging", "audit trail", "log injection", "monitoring", or "alerting" in a security context. Maps to OWASP Top 10 2021 A09: Security Logging and Monitoring Failures.

Processing 9 3mo ago

access-control

by florianbuetow

This skill should be used when the user asks to "check for access control issues", "analyze authorization", "find IDOR vulnerabilities", "audit CORS configuration", "check for privilege escalation", or mentions "access control", "authorization", "IDOR", "CORS", "JWT tampering", or "directory traversal" in a security context. Maps to OWASP Top 10 2021 A01: Broken Access Control.

Auth 9 3mo ago

crypto

by florianbuetow

This skill should be used when the user asks to "check for cryptographic issues", "analyze encryption", "find weak hashing", "audit password storage", "check for hardcoded keys", or mentions "cryptography", "encryption", "hashing", "TLS", "certificates", or "random number generation" in a security context. Maps to OWASP Top 10 2021 A02: Cryptographic Failures.

Processing 9 3mo ago

pasta-vulns

by florianbuetow

This skill should be used when the user asks to "analyze vulnerabilities", "find security weaknesses", "map CWEs", "run vulnerability analysis", or is running PASTA stage 5. Also triggers when the user asks about SAST, DAST, dependency scanning, or CWE mapping in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 5 of 7).

Auth 9 3mo ago

pasta-objectives

by florianbuetow

This skill should be used when the user asks to "define business objectives", "identify business-critical assets", "determine risk appetite", or is running PASTA stage 1. Also triggers when the user asks about compliance requirements, acceptable risk thresholds, or business impact analysis in a threat modeling context. Part of the PASTA threat modeling methodology (Stage 1 of 7).

API Dev 9 3mo ago

repudiation

by florianbuetow

This skill should be used when the user asks to "check for repudiation", "analyze audit logging", "find logging gaps", or mentions "repudiation" or "non-repudiation" in a security context. Maps to STRIDE category R.

Code Review 9 3mo ago

learn

by florianbuetow

This skill should be used when the user asks to "learn about security", "teach me OWASP", "security tutorial", "learn threat modeling", or invokes /appsec:learn. Interactive guided walkthrough using your codebase as teaching material.

Auth 9 3mo ago

fuzz

by florianbuetow

This skill should be used when the user asks to "generate fuzz inputs", "create fuzz tests", "fuzz test generation", "generate test payloads", "create security test cases", or "generate edge case inputs". Also triggers when the user wants intelligent test inputs for input parsers, API endpoints, file format handlers, or needs context-aware injection payloads for security testing.

Code Gen 9 3mo ago

review-plan

by florianbuetow

This skill should be used when the user asks to "review plan for security", "check plan for security issues", "security review of implementation plan", "audit the plan for vulnerabilities", or "check my plan before coding". Also triggers when the user mentions security in the context of an implementation plan, architecture proposal, or design document before code has been written. This is the FLAGSHIP pre-code security skill -- no other tool reviews plans at design time.

Auth 9 3mo ago