security-testing

What it does

This skill enables AI agents to perform automated vulnerability scanning and penetration testing on web applications. It helps identify common security flaws such as SQL injection, cross-site scripting (XSS), and insecure configurations before attackers can exploit them.

When to use it

• Pre-deployment checks: Run scans against staging environments to catch vulnerabilities before going live.
• Compliance audits: Generate reports for regulatory requirements like PCI-DSS or SOC2 that mandate regular security testing.
• Third-party integration: Validate the security posture of newly integrated APIs or microservices within your architecture.
• Incident response: Rapidly assess the impact of a suspected breach by scanning affected endpoints for additional exposure.

Key capabilities

• Automated detection of OWASP Top 10 vulnerabilities
• Customizable scan profiles for different application types
• Detailed reporting with severity ratings and remediation steps
• Integration with CI/CD pipelines for continuous security monitoring

Example prompts

• "Scan my production API endpoints for SQL injection vulnerabilities and report findings."
• "Perform a penetration test on this login page to identify authentication bypass weaknesses."
• "Generate a security audit report highlighting all high-severity XSS issues found in the frontend code."

Tips & gotchas

Ensure you have explicit authorization before scanning any live environment, as unauthorized testing can violate legal agreements. Always run scans in isolated or staging environments first to prevent accidental service disruption during automated attacks.