yariv1025
@yariv1025
Public Skills
agent-dev-guardrails
by yariv1025
Enforce disciplined agent development workflows with plan-first development, small-slice execution, specialized self-review roles, quality gates, and project setup. Use when starting a new project, setting up development conventions, wanting structured planning, or needing the agent to follow best practices for code quality, review, and validation.
python-engineering
by yariv1025
Production Python engineering patterns covering architecture, observability, testing, performance/concurrency, and core practices. Use when designing Python systems, implementing async/sync APIs, setting up monitoring, structuring tests, optimizing performance, or following Python best practices.
owasp-cicd-top-10
by yariv1025
"OWASP Top 10 CI/CD Security Risks - prevention, detection, and remediation for pipeline security. Use when securing or reviewing CI/CD - flow control, IAM, dependency chain, poisoned pipeline execution, PBAC, credential hygiene, system config, third-party services, artifact integrity, logging and visibility."
owasp-kubernetes-top-10
by yariv1025
"OWASP Kubernetes Top 10 - prevention, detection, and remediation for Kubernetes security. Use when designing or reviewing K8s workloads and clusters - workload config, supply chain, RBAC, policy enforcement, logging, authentication, network segmentation, secrets, cluster components, vulnerable components."
owasp-privacy-top-10
by yariv1025
"OWASP Top 10 Privacy Risks - prevention, detection, and remediation for privacy in web applications. Use when addressing app vulnerabilities, data leakage, breach response, consent, transparency, data deletion, data quality, session expiration, user access rights, excessive data collection."
owasp-cloud-native-top-10
by yariv1025
"OWASP Cloud-Native Application Security Top 10 - prevention, detection, and remediation for containers, orchestration, and cloud-native apps. Use when securing insecure config, injection, auth, CI/CD and supply chain, secrets, network policies. Note - official list has 6 risks; project archived."
owasp-llm-top-10
by yariv1025
"OWASP Top 10 for LLM Applications - prevention, detection, and remediation for LLM and GenAI security. Use when building or reviewing LLM apps - prompt injection, information disclosure, training/supply chain, poisoning, output handling, excessive agency, system prompt leakage, vectors/embeddings, misinformation, unbounded consumption."
owasp-serverless-top-10
by yariv1025
"OWASP Serverless Top 10 - prevention, detection, and remediation for serverless (Lambda, Functions) security. Use when building or reviewing serverless apps - event injection, over-permissioned functions, insecure deps, secrets, config, and other serverless-specific interpretations of the Web Top 10."
owasp-api-security-top-10
by yariv1025
"OWASP API Security Top 10 - prevention, detection, and remediation for REST/GraphQL/API security. Use when designing or reviewing APIs - object- and function-level authorization, authentication, rate limiting and resource consumption, sensitive business flows, SSRF, API inventory and versioning, or consumption of third-party APIs."
owasp-iot-top-10
by yariv1025
"OWASP IoT Top 10 - prevention, detection, and remediation for IoT device and ecosystem security. Use when designing or reviewing IoT devices - passwords, network services, ecosystem interfaces, secure updates, components, data transfer/storage, device management, default settings, physical hardening, privacy."
owasp-top-10
by yariv1025
"OWASP Top 10 web application security risks - prevention, detection, and remediation. Use when implementing or reviewing access control, authentication, crypto/sensitive data, input validation and injection, secure design, security configuration, dependency management, session/identity, deserialization or CI/CD integrity, logging and monitoring, or server-side requests (SSRF)."
owasp-mobile-top-10
by yariv1025
"OWASP Mobile Top 10 - prevention, detection, and remediation for iOS/Android app security. Use when building or reviewing mobile apps - credentials, supply chain, auth, input/output validation, communication, privacy, binary protection, config, data storage, cryptography."