Configure SSL/TLS inspection on network security devices to decrypt, inspect, and re-encrypt HTTPS traffic for

Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services,

Detect and extract hidden data embedded in images, audio, and other media files using steganalysis tools to uncover

Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map

Conduct a thick client application penetration test to identify insecure local storage, hardcoded credentials,

'Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework.

Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack

'Simulates VLAN hopping attacks using switch spoofing and double tagging techniques in authorized environments

'Performs authenticated and unauthenticated vulnerability scanning using Tenable Nessus to identify known vulnerabilities,

Bypass Web Application Firewall protections using encoding techniques, HTTP method manipulation, parameter pollution,

'Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG)

Nikto is an open-source web server and web application scanner that tests against over 7,000 potentially dangerous

Execute web cache deception attacks by exploiting path normalization discrepancies between CDN caching layers

Exploiting web cache mechanisms to serve malicious content to other users by poisoning cached responses through

'Captures WPA/WPA2 handshakes and performs offline password cracking using aircrack-ng, hashcat, and dictionary

Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3

'Processes STIX 2.1 threat intelligence bundles delivered via TAXII 2.1 servers, normalizing objects into platform-native

Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable

Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS

Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations,

'This skill covers hardening managed Kubernetes clusters on EKS, AKS, and GKE by implementing Pod Security Standards,

'Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection,

'Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication

'Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated

'Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they

Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain

Systematically testing web applications for broken access control vulnerabilities including privilege escalation,

Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege

Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject

Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web

Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid

Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters,

Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage,

Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks

Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater

'Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into

Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF,

Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization

'Tests authentication and authorization mechanisms in mobile application APIs to identify broken authentication,

'Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception,

Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification,

'Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket

Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision

Validate backup integrity through cryptographic hash verification, automated restore testing, corruption detection,

Generates optimized prompts for any AI tool. Use when writing, fixing, improving, or adapting a prompt for LLM, Cursor, Midjourney, image AI, video AI, coding agents, or any other AI tool.

Full website SEO audit with parallel subagent delegation. Crawls up to 500 pages, detects business type, delegates to up to 15 specialists (8 always + 7 conditional), generates health score. Use when user says audit, full SEO check, analyze my site, or website health check.

>

Generate production-ready images for SEO use cases using Gemini's image generation

Vyper smart contract compiler internals. Use when working on the Vyper compiler codebase — compilation pipeline, Venom IR, semantic analysis, code generation, testing, or contributing. Triggers on vyper compiler development, Venom passes, AST/semantics changes, codegen work, or test writing.

Use this skill to build features or debug anything that uses a webapp frontend.