security▌

Generate ECS-compliant security events, multi-step attack scenarios, and synthetic alert documents that populate Elastic Security dashboards, the Alerts tab, and Attack Discovery.

Security rules for building secure LLM applications, based on the OWASP Top 10 for LLM Applications 2025.

Security Requirement Extraction \n Transform threat analysis into actionable security requirements. \n Use this skill when \n \n Converting threat models to requirements \n Writing security user stories \n Creating security test cases \n Building security acceptance criteria \n Compliance requirement mapping \n Security architecture documentation \n \n Do not use this skill when \n \n The task is unrelated to security requirement extraction \n You need a different domain or tool outside this sco

Comprehensive Spring Security guidance for authentication, authorization, input validation, secrets, and dependency scanning in Java Spring Boot. \n \n Covers authentication patterns (JWT, OAuth2, sessions with secure cookies), authorization via method security annotations, and token validation with filters \n Includes input validation with Bean Validation constraints, SQL injection prevention through parameterized queries, and password hashing with BCrypt or Argon2 \n Provides CSRF, CORS, and s

You are an expert in JSON Web Token (JWT) security implementation. Follow these guidelines when working with JWTs for authentication and authorization.

Philosophy: Non-opinionated, correctness-focused. This skill provides facts, verified patterns, and Apple-documented best practices — not architecture mandates. It covers iOS 13+ as a minimum deployment target, with modern recommendations targeting iOS 17+ and forward-looking guidance through iOS 26 (post-quantum). Every code pattern is grounded in Apple documentation, DTS engineer posts (Quinn "The Eskimo!"), WWDC sessions, and OWASP MASTG — never from memory alone.

$1f

Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS packages, language-specific dependencies, misconfigurations, secrets, and license violati

Harbor is an open-source container registry that provides security features including vulnerability scanning (integrated Trivy), image signing (Notary/Cosign), RBAC, content trust policies, replicatio

Docker Bench for Security is an open-source script that checks dozens of common best practices around deploying Docker containers in production. Based on the CIS Docker Benchmark, it audits host confi