Directory

Discover and filter AI agent skills. 27,776 active skills available.

Popular guides from the directory

Start with intent-focused guides, then come back to the full directory when you need broader coverage.

Results

Showing 2185-2208 of 27,776Page 92 of 1158

Secret Scanning

14
from allsmog/vuln-scout

This skill should be used when the user asks about "secret scanning", "find secrets", "hardcoded credentials", "leaked API keys", "git history secrets", "credential scanning", "detect passwords in code", or needs to identify secrets and credentials in source code or git history during whitebox security review.

Sandbox Escapes

14
from allsmog/vuln-scout

This skill should be used when the user asks about "sandbox escape", "vm escape", "template injection to RCE", "SSTI exploitation", "vm2 bypass", "restricted execution bypass", "sandbox breakout", or needs to identify sandbox escape and template engine exploitation techniques during whitebox security review.

postmessage-xss

14
from allsmog/vuln-scout

Detect postMessage handlers that trust unvalidated origins or write attacker-controlled data to dangerous DOM sinks.

OWASP API Security Top 10

14
from allsmog/vuln-scout

This skill should be used when the user asks about "API security", "OWASP API Top 10", "BOLA", "broken object level authorization", "API authentication", "mass assignment", "GraphQL security", "gRPC security", "rate limiting", "API abuse", "REST API vulnerabilities", or needs to identify API-specific security issues during whitebox security review.

OWASP Category Mapping

14
from allsmog/vuln-scout

Use this skill when the user asks for OWASP Top 10 mapping, CWE alignment, or standards-oriented reporting. The directory name stays `owasp-2025` for backward compatibility, but external reports should use official OWASP Top 10 names.

nextjs-react

14
from allsmog/vuln-scout

This skill should be used when the user asks about "Next.js security", "React security", "Server Components", "Server Actions", "Route Handlers", "RSC vulnerabilities", "SSR security", or needs comprehensive Next.js/React security analysis during whitebox security review.

Mobile Payment Tokenization Patterns

14
from allsmog/vuln-scout

Use this skill when reviewing mobile code that handles card data, payment tokenization, or third-party payment SDK integrations (Braintree, Stripe, Adyen, Google Pay, Apple Pay, FirstData-style iframe encryptors). The skill catalogues the high-signal attack patterns vuln-scout detects in mobile payment flows — server-controlled tokenization URLs, JavaScript-injection-into-WebView card-data exfiltration, JS-bridge token construction, and payment scope mismatches — and maps each to the detector that fires.

Mobile iOS Whitebox Audit

14
from allsmog/vuln-scout

Use this skill when the user is auditing an iOS application — directory contains `.ipa`, `Info.plist`, `*.swift`, `*.m`, `*.mm`, or an `xcodeproj`. Also activates when the conversation mentions WKWebView, NSURLSession, Keychain, App Transport Security, or any `com.apple.*` / `bundleidentifier`-style iOS package name.

Logging Failures

14
from allsmog/vuln-scout

This skill should be used when the user asks about "logging failures", "log injection", "insufficient logging", "audit logging", "security logging", "CWE-117", or needs to find logging-related vulnerabilities during whitebox security review.

framework-patterns

14
from allsmog/vuln-scout

This skill should be used when the user asks about "framework vulnerabilities", "Next.js security", "Flask security", "Django security", "Rails security", "Spring security", "GraphQL security", "Server Actions", "render_template_string", "SSTI patterns", "redirect SSRF", "mass assignment", "actuator exposure", "SpEL injection", "introspection", or needs to identify framework-specific vulnerability patterns during whitebox security review.

Exploit Techniques

14
from allsmog/vuln-scout

This skill should be used when the user asks to "write an exploit", "create PoC", "develop proof of concept", "exploit script", "automate exploitation", "build exploit", or needs guidance on developing working exploits during whitebox security review.

Exception Handling Vulnerabilities

14
from allsmog/vuln-scout

This skill should be used when the user asks about "XXE", "XML External Entity", "error handling", "exception disclosure", "stack trace exposure", "improper error handling", or needs to find exception-related vulnerabilities during whitebox security review.

Data Flow Tracing

14
from allsmog/vuln-scout

This skill should be used when the user asks to "trace data flow", "follow user input", "source to sink analysis", "track variable", "find input sources", "taint analysis", or needs to understand how user-controlled data flows through an application during whitebox security review.

Dangerous Functions

14
from allsmog/vuln-scout

This skill should be used when the user asks about "dangerous functions", "security sinks", "what functions are dangerous in PHP/Java/Python", "find vulnerable functions", "code execution functions", "command injection sinks", "SQL injection functions", or needs to identify security-sensitive functions in source code during whitebox security review.

Cryptographic Failures

14
from allsmog/vuln-scout

This skill should be used when the user asks about "cryptographic failures", "weak encryption", "hardcoded secrets", "insecure random", "MD5", "SHA1", "weak hashing", or needs to find crypto-related vulnerabilities during whitebox security review.

cross-component

14
from allsmog/vuln-scout

This skill should be used when analyzing multi-service architectures, frontend-backend interactions, microservices, or when looking for vulnerabilities that span multiple components. Use when the user asks about "cross-component", "frontend to backend", "service interaction", "internal service access", or "multi-service vulnerabilities".

cpg-analysis

14
from allsmog/vuln-scout

This skill should be used when the user asks about "Code Property Graph", "CPG analysis", "Joern queries", "CPGQL", "data flow verification", "taint tracking with Joern", "semantic code analysis", or needs to understand how CPG-based verification works for vulnerability detection.

Compliance Mapping

14
from allsmog/vuln-scout

This skill should be used when the user asks about "compliance mapping", "PCI-DSS", "HIPAA", "SOC 2", "NIST CSF", "regulatory requirements", "compliance report", or needs to map security findings to compliance framework requirements.

Cloud-Native Security

14
from allsmog/vuln-scout

This skill should be used when the user asks about "cloud security", "AWS security", "GCP security", "Azure security", "Kubernetes security", "IMDS", "instance metadata", "S3 bucket policy", "IAM", "serverless security", "Lambda security", "container security", "cloud misconfiguration", "SSRF to cloud metadata", or needs to identify cloud-native security issues during whitebox security review.

Cache Poisoning

14
from allsmog/vuln-scout

This skill should be used when the user asks about "cache poisoning", "web cache deception", "CDN cache", "proxy cache", "nginx cache", "varnish", "cache key manipulation", "response caching", or needs to find cache-related vulnerabilities during whitebox security review.

Business Logic Analysis

14
from allsmog/vuln-scout

This skill should be used when the user asks about "business logic", "workflow vulnerability", "trust boundary", "state machine", "authorization bypass", "multi-step process", "workflow bypass", "application logic flaw", or needs to identify business logic vulnerabilities during whitebox security review.

AI/ML Attack Surface

14
from allsmog/vuln-scout

This skill should be used when the user asks about "AI security", "ML pipeline attacks", "prompt injection", "model deserialization", "unsafe model loading", "Jupyter injection", "LLM security", or needs to identify AI/ML-specific vulnerabilities in codebases that use machine learning frameworks.

workflow

14
from bntvllnt/agent-skills

High-velocity solo development workflow. Idea to production same-day. 10 commands: plan, spike, ship, fix, review, spec-review, focus, done, drop, workflow. Auto-activates on: "plan", "spec", "ship", "spike", "fix", "debug", "repair", "spec-review", "review spec", "analyze spec", "challenge spec", "focus", "what should i do", "prioritize", "overwhelmed", "what should i work on", "done", "finish", "complete", "drop", "abandon", "workflow", "what's next", "whats next", "next step", "what now".

tmux

14
from bntvllnt/agent-skills

Complete tmux terminal multiplexer management: sessions, windows, panes, layouts, scripting, and configuration. Auto-activates on: "tmux", "session", "window", "pane", "split", "attach", "detach", "multiplexer".