Systematically identify and classify technical and business risks using the risk-centric PASTA framework across seven stages: 1. Define the Objectives, 2.
Red-Team- und Qualitätsgate für patentrechtliche Outputs: prüft Fristen, Registerstand, Anspruchsfassung, technische Annahmen, Quellen, Beweise, Zitierhygiene, offene Tatsachen…
Detect path traversal and Zip Slip vulnerabilities where user-controlled path components can escape intended directories.
Path Traversal Finder - Auto-activating skill for Security Fundamentals. Triggers on: path traversal finder, path traversal finder Part of the Security Fundamentals skill category.
Detect patterns, anomalies, and trends in code and data. Use when identifying code smells, finding security vulnerabilities, or discovering recurring patterns.
Sensitive data patterns for security testing: API keys, credit cards, emails, SSNs, phone numbers, IPs, and more. Use for data discovery and validation.
Use when creating, changing, auditing, or reviewing PAW Forkd webapp controllers, forms, validators, JSP/JSTL views, i18n bundles, Spring Security routes, CSS/JS, uploads,…
Enables AI agents to send USDC payments and order freelance services through an escrow-backed marketplace on Base.
Use when working with Payload CMS projects (payload.config.ts, collections, fields, hooks, access control, Payload API).
Send and receive USDC/USDT crypto payments via PayMe smart wallets. Check balances, send stablecoins, view history, manage contacts, sell crypto for local currency via P2P in 10…
Canadian PBMM (Protected B, Medium Integrity, Medium Availability) expert. Provides comprehensive guidance on ITSG-33 controls, CCCS assessment, Canadian data residency, and…
Architects Port Daddy's outbound-only event relay and the zero-trust crypto stack that governs it — PKI choice (ACME vs OIDC vs Web-of-Trust), per-publisher Merkle event chains,…
自动猜密码解 PDF(银行账单 / 投资报告 / 信用卡对账单等)。读 ~/.personal_env 的 PDF_ID_* 身份变量,按发行方密码规则生成候选并用 qpdf 试解。当用户提供加密 PDF 且未提供密码("读不了" / "解密一下" / "这个 PDF 加密了")时触发。
Process PDF files — read, merge, split, fill forms, watermark, encrypt, extract images, and OCR scanned documents.
pdfcpu is a Go-based PDF processing library and CLI tool that handles validation, optimization, merging, splitting, watermarking, encryption, and form filling.
Skill for using the command-line tool pdftk (PDFtk Server) for working with PDF files. Use when asked to merge PDFs, split PDFs, rotate pages, encrypt or decrypt PDFs, fill PDF…
Generate a production-grade Product Detail Page (PDP) optimized for the 2026 conversion benchmarks — 4-8% target vs 1.5-3% average.
Expert in ethical hacking, vulnerability assessment, and offensive security testing (Web/Network/Cloud).
Analiza textos aplicando pensamiento crítico — el marco de los 8 elementos del pensamiento y los estándares intelectuales universales de Richard Paul y Linda Elder — y detecta las…
Estima de forma orientativa la pensión de alimentos y la pensión compensatoria en procesos de familia. Usa las tablas orientadoras del CGPJ para alimentos y los criterios del art.
Static-analysis penetration test that hunts for exploitable vulnerabilities with proof-of-concept payloads and fix code.
Active Directory pentest methodology — BloodHound graph analiz, Kerberos abuse, ACL exploitation, lateral movement path advisory.
API security testing — REST/GraphQL/WebSocket, OWASP API Top 10, JWT/OAuth analiz, mass assignment, broken object-level authorization advisory.
Guide méthodologique pour tests d'intrusion et évaluation de sécurité. À utiliser pour préparer ou conduire un pentest.
Fuehrt reale Exploits aus (XBOW 96,15%). HOCHRISIKO - HITL-Pflicht. Trigger: Pentest.
Business logic flaw hunting — price manipulation, race condition, workflow bypass, authorization edge case advisory.
Bug bounty methodology — HackerOne/Bugcrowd/Intigriti, deduplication, rapor yazimi, severity scoring, payout maksimizasyonu advisory.
Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of…
CI/CD red team methodology — GitHub Actions, GitLab CI, Jenkins pipeline guvenlik analizi, secret leak, workflow injection advisory.
Cloud security pentest — AWS/Azure/GCP IAM analiz, lateral path, container escape pattern, serverless abuse advisory.
Provide a comprehensive command reference for penetration testing tools including network scanning, exploitation, password cracking, and web application testing.
Autonomous penetration testing coordinator using ReAct methodology. Automatically activates when user provides a target IP or asks to start penetration testing.
Autonomous penetration testing coordinator using ReAct methodology. Automatically activates when user provides a target IP or asks to start penetration testing.
Credential testing methodology — hash crack secimi, wordlist generation, password spray (advisory), default cred audit.
CTF (Capture the Flag) challenge solving advisory — HackTheBox, TryHackMe, PicoCTF, web/pwn/rev/crypto/forensics.
Detection engineering — Sigma, Splunk SPL, Elastic KQL, Microsoft Sentinel KQL, YARA, Suricata rule yazimi advisory.
Penetration testing engagement planning — scoping, ROE drafting, phased timeline, MITRE ATT&CK mapping, kickoff/closeout dokumantasyonu.
Multi-step exploit zinciri analizi — low/medium severity bulgulari critical chain'e baglama, stealth+impact scoring advisory.
Digital forensics — evidence acquisition, memory/disk imaging analiz, timeline reconstruction, IOC extraction advisory.
LLM application red team — OWASP LLM Top 10, prompt injection, RAG poisoning, MCP server abuse, agent tool abuse, jailbreak testing advisory.
Malware analizi — triage, static analiz, dynamic sandbox, IOC extract, YARA imza yazimi advisory. Triggers on malware analiz, malware triage, sandbox, Cuckoo, IDA, Ghidra, dynamic…
Penetration testing framework for exploit development, vulnerability validation, and authorized security assessments using Metasploit Framework.
Ethical security testing methodology - 5-phase pipeline, OWASP checklist, proof levels, structured findings
Mobile application pentest — Android/iOS, MASTG/MASVS, Frida/Objection dynamic analiz, sertifika pinning bypass, IPC test advisory.
Network reconnaissance and port scanning using Naabu, hping3, and complementary tools
Operator OPSEC + evidence handling — operator identity hygiene, source IP design, burner infrastructure, evidence chain of custody, log retention advisory.
Yetkili penetration testing engagement orchestrator — scope declaration, OPSEC tagging, evidence handling disiplini.
Open Source Intelligence gathering and attack surface management for external reconnaissance.
Pentest especializado para pfSense CE e Plus — cobre todas as superfícies de ataque a partir da rede externa e interna, mapeado ao PTES e ao código-fonte real do pfSense
Privilege escalation methodology — Linux + Windows + container escape advisory. LinPEAS/WinPEAS analizi, SUID/capability abuse, kernel exploit secimi.
Reconnaissance ve enumeration advisory — Nmap/Nessus/Nikto/BloodHound output parsing, attack surface prioritization, next-step onerisi.
Coordinate autonomous pentest skills with dependency enforcement, deconfliction, and emergency stop controls.
Penetration test rapor yazimi — executive summary, technical writeup, CVSS scoring, remediation roadmap advisory.
Social engineering pentest methodology — phishing strategy, pretexting, vishing senaryosu, awareness training advisory. Live phishing operation YOK.
DISA STIG (Security Technical Implementation Guide) audit + GPO remediation + keep-open justification advisory.
Threat modeling — STRIDE, DREAD, attack tree, data flow diagram, MITRE ATT&CK Navigator integration. Triggers on threat model, STRIDE, DREAD, attack tree, DFD, data flow diagram,…
Web application security testing methodology — OWASP Top 10, SSRF, IDOR, auth bypass, injection sinifi advisory. Burp/ZAP cikti analizi.
Wireless network pentest — WPA/WPA2/WPA3, evil twin, 802.1X enterprise, Bluetooth advisory. Triggers on wireless pentest, WiFi, WPA2, WPA3, PMKID, evil twin, deauth, Aircrack,…
Enumerating and attacking FreeIPA domains during authorized engagements — anonymous and authenticated LDAP
Testing rsync daemon services (default port 873) for unauthenticated module listing and access, weak/default credentials and brute force, arbitrary file read/download and…