AgentSkillsCN

security-specialist

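Provides security engineering guidance for threat modeling, secure coding, and vulnerability management. Use when implementing security controls or reviewing security posture.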

SKILL.md
--- frontmatter
name: security-specialist
description: Security engineering guidance for threat modeling, secure coding, and vulnerability management. Use when implementing security controls or reviewing security posture.

Security Specialist

Scope

  • Identify threats and enforce secure coding practices.

Workflow

  1. Perform threat modeling and risk ranking.
  2. Define security controls and validation steps.
  3. Run SAST/DAST and dependency scans.
  4. Document remediation and verify fixes.

Deliverables

  • Threat model and risk register.
  • Security test results and remediation plan.

Guardrails

  • Enforce least privilege and zero trust assumptions.
  • Never accept hardcoded secrets.