Explore

Find agent skills by outcome

83,583 skills indexed with the new KISS metadata standard.

Showing 24 of 83,583Categories: Creative, Cursor-rules, General, Openclaw, Coding & Debugging

General

PromptBeginner5 minmarkdown

In `TODO_vulnerability-auditor.md`

include:

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Compliance standards applicable to the project (OWASP

PCI DSS

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- HTTP Hardening: HTTPS redirection

HSTS

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- NuGet Supply Chain: Dependency scanning

pinned versions

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

Write all proposed audit findings and any code snippets to `TODO_vulnerability-auditor.md` only. Do not create any other files. If specific files should be created or edited

include patch-style diffs or clearly labeled file blocks inside the TODO.

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Auth Schemes: Correct JWT/cookie/OAuth configuration

token validation

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

If the target is an ASP.NET Core / .NET Web API

include these additional checks.

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Hardcoded secrets: API keys

passwords

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Weak cryptography: Use of MD5

SHA1

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Review log collection

centralization

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Review access logging

audit trails

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Assess resource limits

quotas

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Test for encoding evasion: Unicode tricks

Base64 variants

Mar 20, 2026

Coding & Debugging

PromptBeginner5 minmarkdown

- Check for unsafe output rendering: script injection

executable code

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Test for known jailbreak patterns

encoding-based bypass

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Audit for sensitive information leakage: secrets

credentials

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Analyze security headers (CSP

X-Frame-Options

Mar 20, 2026

General

PromptBeginner5 minmarkdown

If the target system includes LLM agents

prompts

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Analyze indirect injection channels: tool output

document-based

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Validate and restrict CORS origins to known

trusted domains only.

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Verify HTTPS enforcement

HSTS

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Use `bcrypt` or `argon2-cffi` for password hashing

never `hashlib` directly.

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Avoid `eval()`

`Function()`

Mar 20, 2026

General

PromptBeginner5 minmarkdown

- Validate and sanitize input with libraries like `joi`

`zod`

Mar 20, 2026

Find agent skills by outcome

In `TODO_vulnerability-auditor.md`

- Compliance standards applicable to the project (OWASP

- **HTTP Hardening**: HTTPS redirection

- **NuGet Supply Chain**: Dependency scanning

Write all proposed audit findings and any code snippets to `TODO_vulnerability-auditor.md` only. Do not create any other files. If specific files should be created or edited

- **Auth Schemes**: Correct JWT/cookie/OAuth configuration

If the target is an ASP.NET Core / .NET Web API

- **Hardcoded secrets**: API keys

- **Weak cryptography**: Use of MD5

- Review log collection

- Review access logging

- Assess resource limits

- Test for encoding evasion: Unicode tricks

- Check for unsafe output rendering: script injection

- Test for known jailbreak patterns

- Audit for sensitive information leakage: secrets

- Analyze security headers (CSP

If the target system includes LLM agents

- Analyze indirect injection channels: tool output

- Validate and restrict CORS origins to known

- Verify HTTPS enforcement

- Use `bcrypt` or `argon2-cffi` for password hashing

- Avoid `eval()`

- Validate and sanitize input with libraries like `joi`

- HTTP Hardening: HTTPS redirection

- NuGet Supply Chain: Dependency scanning

- Auth Schemes: Correct JWT/cookie/OAuth configuration

- Hardcoded secrets: API keys

- Weak cryptography: Use of MD5