seca_skill

This skill conducts security reviews by researching knowledge bases, validating designs, and producing actionable security reports to strengthen SDLC.
  • Python

5

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill truongnat/agentic-sdlc --skill seca

  • SKILL.md8.7 KB

Overview

This skill is the Security Analyst (SECA) role for the development lifecycle, designed to perform structured security assessments and produce repeatable review artifacts. It activates on prompts like @SECA, security analyst, security review, or security assessment. The skill integrates knowledge-base searches, threat modeling, code and design review, and compliance checks to produce a clear APPROVED/REJECTED decision and remediation guidance.

How this skill works

On activation the skill first searches the project knowledge base and security patterns to surface related vulnerabilities and past fixes. It reviews design artifacts (API specs, data flow diagrams, UI/UX docs) and inspects code for hardcoded secrets, injection vectors, and insecure dependency usage. The skill performs threat modeling, OWASP Top 10 checks, and compliance assessments, then documents findings and recommendations in a standardized Security Review Report. Critical and high findings block approval until resolved.

When to use it

  • Before moving a design or sprint into implementation to validate security posture
  • When new authentication or authorization flows are proposed or changed
  • After dependency updates or third-party integrations are added
  • When handling sensitive data, privacy requirements, or regulatory scope changes
  • During sprint review cycles to produce formal security artifacts

Best practices

  • Always run a KB search for known vulnerabilities before starting the review
  • Follow OWASP Top 10 as a baseline and map findings to categories
  • Never approve a design with critical or high severity findings
  • Check for hardcoded secrets and verify secret management practices
  • Document all findings, fixes, and prevention patterns to the KB

Example use cases

  • Assessing a new OAuth2 authentication flow for token handling and scope rules
  • Reviewing API specs and data flows for encryption, authorization, and logging gaps
  • Scanning code for hardcoded credentials, SQL injection patterns, and XSS sinks
  • Producing a sprint security review report with decision and prioritized remediation
  • Validating GDPR-related data retention and audit logging requirements

FAQ

Invoke with @SECA or mention security analyst/security review; run before implementation or when security-sensitive changes occur.

Can the review approve a sprint with critical findings?

No. Critical or high-severity findings must be resolved before the decision can be APPROVED.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational