Security Review Skill
Overview
Helps the agent perform systematic security evaluations using recognized threat analysis patterns (e.g., STRIDE), secure defaults, and threat mitigation recommendations.
When to use
- Code, design, or interface evaluations
- Threat modeling
- Security hardening guidance
- Detecting insecure dependencies or misconfigurations
Instructions
- Identify assets and trust boundaries.
- Enumerate threat categories (injection, elevation, exfiltration, misuse).
- For each threat, provide impact, likelihood, and proposed mitigations.
- Highlight secure defaults and configuration best practices.
- Call out specific code or design patterns with high risk.
Example
Input: “Evaluate the REST API design for authentication and session management.”
Output:
- Identified risks
- Threat analysis table
- Best practice recommendations
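An added example, not part of the original skill: one way the threat analysis table for the sample input above could be produced, checking a session configuration against secure defaults and ranking findings by impact times likelihood. The configuration keys, the rule set, the 1 to 3 scores and the 30-minute idle ceiling are assumptions made for illustration.

```python
# Added illustration: config keys, rules and scores are assumptions, not part of the skill.
from dataclasses import dataclass

@dataclass
class Finding:
    threat: str
    category: str     # one of the skill's categories: injection, elevation, exfiltration, misuse
    impact: int       # 1 (low) .. 3 (high)
    likelihood: int   # 1 (low) .. 3 (high)
    mitigation: str
    @property
    def risk(self) -> int:
        return self.impact * self.likelihood

# Each rule pairs a predicate (True when the setting is insecure or missing) with a finding.
RULES = [
    (lambda c: not c.get("cookie_secure", False),
     Finding("Session cookie sent over plaintext HTTP", "exfiltration", 3, 2,
             "Set the Secure attribute and serve the API over TLS only")),
    (lambda c: not c.get("cookie_httponly", False),
     Finding("Session cookie readable by page scripts", "exfiltration", 3, 2,
             "Set the HttpOnly attribute")),
    (lambda c: c.get("cookie_samesite", "").lower() not in ("lax", "strict"),
     Finding("Cross-site requests carry the session", "misuse", 2, 2,
             "Set SameSite=Lax or Strict and require a CSRF token")),
    (lambda c: not c.get("rotate_id_on_login", False),
     Finding("Session ID kept across login (fixation)", "elevation", 3, 2,
             "Issue a new session ID after authentication")),
    (lambda c: not 0 < c.get("idle_timeout_minutes", 0) <= 30,
     Finding("Sessions stay valid long after last use", "misuse", 2, 3,
             "Expire idle sessions (30 minutes is the assumed ceiling)")),
]

def review(config: dict) -> list:
    """Return findings for insecure or missing settings, highest risk first."""
    hits = [finding for insecure, finding in RULES if insecure(config)]
    return sorted(hits, key=lambda f: f.risk, reverse=True)

def render(findings: list) -> str:
    """Format findings as a pipe-separated threat analysis table."""
    rows = ["Threat | Category | Impact | Likelihood | Risk | Mitigation"]
    rows += [f"{f.threat} | {f.category} | {f.impact} | {f.likelihood} | {f.risk} | "
             f"{f.mitigation}" for f in findings]
    return "\n".join(rows)

# Constructed sample input: session settings of a hypothetical REST API.
SAMPLE = {"cookie_secure": True, "cookie_httponly": False, "cookie_samesite": "None",
          "rotate_id_on_login": False, "idle_timeout_minutes": 480}
if __name__ == "__main__":
    print(render(review(SAMPLE)))
```

A setting that is absent from the configuration is reported the same way as an insecure one, so the review fails closed.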
Edge Cases
- Legacy systems with limited security controls
- Highly permissioned environments