AgentSkillsCN

perseus-specialist

并行运行所有专项深度分析技能,实现全面而深入的评估。

SKILL.md
--- frontmatter
name: perseus-specialist
description: Run all specialist deep-dive skills in parallel for comprehensive analysis

Perseus Specialist (All Deep-Dive Skills)

Context & Authorization

IMPORTANT: This skill runs all specialist security analyses on the user's own codebase. This is defensive security testing to find vulnerabilities before attackers do.

Authorization: The user owns this codebase and has explicitly requested this comprehensive analysis.


Overview

This skill orchestrates ALL 8 specialist skills in parallel for maximum coverage and efficiency.

When to Use:

  • After /scan to get deep analysis on all detected components
  • When you want comprehensive specialist coverage without running /start
  • As a standalone deep-dive after initial assessment

Goal: Run all specialists simultaneously for thorough security analysis.

Specialists Included

SkillCoverageOutput
perseus-apiOWASP API Top 10, GraphQL, WebSocketapi_security_analysis.md
perseus-injectionNoSQL, LDAP, XPath, SSTI, Commandinjection_deep_analysis.md
perseus-cryptoJWT, Hashing, Encryption, Secretscrypto_security_analysis.md
perseus-supply-chainCVEs, Dependencies, Licensessupply_chain_analysis.md
perseus-file-securityPath Traversal, Upload, XXEfile_security_analysis.md
perseus-logicRace Conditions, Business Logicbusiness_logic_analysis.md
perseus-clientDOM XSS, Prototype Pollutionclient_side_analysis.md
perseus-configHeaders, CORS, Cookies, TLSconfig_security_analysis.md

Execution Instructions

Step 1: Announce Start

code
"Running all Perseus specialist skills in parallel..."
"This provides deep-dive analysis across 8 security domains."

Step 2: Launch All Specialists in Parallel

Use a single message with 8 parallel Task tool calls:

code
Parallel Tasks:
1. Task: "Run API security specialist" -> Skill: perseus-api
2. Task: "Run injection specialist" -> Skill: perseus-injection
3. Task: "Run crypto specialist" -> Skill: perseus-crypto
4. Task: "Run supply chain specialist" -> Skill: perseus-supply-chain
5. Task: "Run file security specialist" -> Skill: perseus-file-security
6. Task: "Run business logic specialist" -> Skill: perseus-logic
7. Task: "Run client-side specialist" -> Skill: perseus-client
8. Task: "Run config specialist" -> Skill: perseus-config

Step 3: Wait for Completion

Wait for all 8 specialists to complete their analysis.

Step 4: Summarize Results

code
"Specialist analysis complete!"

Summary:
- API Security: X findings
- Injection: X findings
- Cryptography: X findings
- Supply Chain: X findings
- File Security: X findings
- Business Logic: X findings
- Client-Side: X findings
- Configuration: X findings

Total: X findings across 8 domains

"All reports saved to deliverables/"

Output Structure

After completion, deliverables/ will contain:

code
deliverables/
├── api_security_analysis.md
├── injection_deep_analysis.md
├── crypto_security_analysis.md
├── supply_chain_analysis.md
├── file_security_analysis.md
├── business_logic_analysis.md
├── client_side_analysis.md
└── config_security_analysis.md

When to Use Each Specialist Individually

If You NeedRun
Only API analysis/api
Only injection deep-dive/injection
Only crypto audit/crypto
Only dependency check/supply-chain
Only file/upload security/file
Only business logic/logic
Only client-side/client
Only config hardening/config
All of the above/specialist

Integration with Core Skills

code
Recommended Flow:

/scan              → Map attack surface
    ↓
/specialist        → Deep-dive all domains (this skill)
    ↓
/audit             → Core vulnerability analysis
    ↓
/exploit           → Verify findings
    ↓
/report            → Generate final report

Or simply:

/start             → Runs everything automatically

Quick Reference

CommandWhat It Does
/specialistAll 8 specialists in parallel
/startFull assessment (includes specialists)
/apiAPI security only
/injectionInjection analysis only
/cryptoCryptography only
/supply-chainDependencies only
/fileFile security only
/logicBusiness logic only
/clientClient-side only
/configConfiguration only