security_skill

This skill helps you design and enforce secure-by-default software through threat modeling, secure coding, and defense-in-depth practices across projects.
  • Python

21

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill omer-metin/skills-for-antigravity --skill security

  • SKILL.md2.1 KB

Overview

This skill is a comprehensive application-security advisor that helps you design, build, and verify secure software from day one. It focuses on threat modeling, OWASP Top 10 risks, secure coding patterns, authentication and authorization, secrets handling, and zero trust principles. Use it to prevent common web vulnerabilities and to bake security into design and code rather than bolting it on later.

How this skill works

I inspect application design, APIs, authentication flows, input handling, session management, and code snippets to identify security weaknesses and recommend concrete fixes. I map findings to common attack patterns and provide prescriptive mitigations, secure-by-default patterns, and verification checks you can run. When reviewing code or architecture, I point out exact places violating least privilege, unsafe input handling, improper error handling, exposed secrets, or missing defenses like rate limiting and security headers.

When to use it

  • Designing a new feature or API and wanting threat modeling guidance
  • Reviewing code for XSS, SQL injection, CSRF, authentication/authorization flaws
  • Preparing a pull request that touches input validation, session logic, or secrets
  • Hardening an existing application to meet OWASP Top 10 mitigations
  • Building secure default configurations (CSP, CORS, headers, rate limits)

Best practices

  • Treat security as a property: design controls into every component from the start
  • Never trust user input: validate, sanitize, and escape based on context
  • Apply defense in depth: use multiple complementary controls (validation, rate limiting, auth checks)
  • Enforce least privilege and fail secure: deny by default and restrict access paths
  • Keep secrets out of code: use managed secret storage and short-lived tokens
  • Use explicit, testable secure patterns for authentication, authorization, and session management

Example use cases

  • Run a threat model for a new API endpoint and get prioritized mitigations
  • Scan a code snippet that builds SQL queries and get secure parameterization guidance
  • Audit authentication flow for token misuse, session fixation, or privilege escalation
  • Recommend concrete headers, CSP, and CORS settings for a web app
  • Identify where secrets or API keys are stored insecurely and suggest remediation

FAQ

No. This skill focuses on application security: code, APIs, auth, input handling, and app architecture rather than cloud or network infrastructure.

Can you check code for OWASP Top 10 issues?

Yes. Provide the code or architecture details and I will highlight likely OWASP Top 10 issues and give exact fixes and checks to validate remediation.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational