Security Engineer

🌐 Community
by 404kidwiz · vlatest · Repository

Identifies and mitigates web application vulnerabilities using expert techniques inspired by 404kidwiz's security methodologies.

Install on your platform

1. Run in terminal (recommended)

claude mcp add 404kidwiz-security-engineer npx -- -y @trustedskills/404kidwiz-security-engineer

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "404kidwiz-security-engineer": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/404kidwiz-security-engineer"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill empowers AI agents to act as security engineers, enabling them to analyze codebases for vulnerabilities and implement defensive measures. It allows the agent to review configurations, identify potential risks, and suggest or apply patches to harden system integrity.

When to use it

  • Before deploying new software modules to production environments to catch injection flaws or misconfigurations early.
  • During routine maintenance cycles to audit existing dependencies and library versions for known security advisories.
  • When responding to incident reports requiring an immediate assessment of compromised data flows or access controls.
  • To generate compliance documentation by mapping current security practices against industry standards like OWASP Top 10.

Key capabilities

  • Automated vulnerability scanning across various programming languages and frameworks.
  • Identification of weak authentication mechanisms and insecure data transmission protocols.
  • Generation of remediation strategies tailored to specific architectural contexts.
  • Analysis of third-party integrations for potential supply chain risks.

Example prompts

  • "Scan this Python Flask application for common SQL injection vulnerabilities and provide code fixes."
  • "Review our CI/CD pipeline configuration for any exposed secrets or insecure deployment steps."
  • "Analyze the provided API documentation to identify missing rate limiting or authentication headers."

Tips & gotchas

Ensure you have full read access to the codebase or configuration files before initiating a scan, as restricted permissions will prevent accurate analysis. While this skill identifies potential issues, always verify critical security findings with a human expert before applying automated patches to production systems.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License:
  • Author: 404kidwiz
  • Installs: 56

🌐 Community

Passed automated security scans.