data-security
Assess data security controls: classification, access, encryption, retention, and exposure risk.
Best use case
data-security is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Assess data security controls: classification, access, encryption, retention, and exposure risk.
Teams using data-security should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/data-security/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How data-security Compares
| Feature / Agent | data-security | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Assess data security controls: classification, access, encryption, retention, and exposure risk.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Data Security Review ## Purpose Evaluate confidentiality and integrity controls for data across storage, transit, and access paths. ## Trigger - Handling sensitive data in new/changed features. - Security assessments and release gates. ## Procedure 1. Classify data types and sensitivity levels. 2. Verify at-rest and in-transit encryption controls. 3. Evaluate authentication/authorization boundaries. 4. Check retention, deletion, and auditability requirements. 5. Report exposure risks and remediation priorities. ## Output Contract - Data security findings with severity and remediation plan. ## Governance Notes - High/critical findings are merge-blocking unless risk-accepted. ## References - `agents/security-reviewer.md` - `skills/review/security/SKILL.md`
Related Skills
laravel-security-audit
Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.
information-security-manager-iso27001
ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. Covers ISO 27001, ISO 27002, healthcare security, and medical device cybersecurity.
hardware-security
Hardware and embedded security research capabilities. Interface with JTAG debuggers, analyze SPI/I2C communications, dump and analyze firmware, support fault injection, side-channel analysis, and hardware exploitation research.
Global Security
Your approach to handling global security. Use this skill when working on files where global security comes into play.
dotnet-security-owasp
Hardens .NET apps per OWASP Top 10 -- injection, auth, XSS, deprecated security APIs.
devs:security-core
Comprehensive application security expertise covering authentication, authorization, OWASP Top 10, and security best practices. Use when (1) Implementing authentication (JWT, OAuth2, sessions, OAuth for CLI/TUI/desktop apps), (2) Adding authorization (RBAC, ABAC, RLS with Supabase/PostgreSQL), (3) Security auditing code or infrastructure, (4) Setting up security infrastructure (headers, CORS, CSP, rate limiting), (5) Managing secrets and credentials, (6) Preventing OWASP Top 10 vulnerabilities (injection, XSS, CSRF, etc.), (7) Reviewing code for security issues, (8) Configuring secure web applications in TypeScript, Python, or Rust. Automatically triggered when working with authentication/authorization systems, security reviews, or addressing security vulnerabilities.
dcyfr-security
CodeQL suppressions, security vulnerability troubleshooting, and security best practices
Data Privacy Compliance
Data privacy and regulatory compliance specialist for GDPR, CCPA, HIPAA, and international data protection laws. Use when implementing privacy controls, conducting data protection impact assessments, ensuring regulatory compliance, or managing data subject rights. Expert in consent management, data minimization, and privacy-by-design principles.
container-security-scanner
Scan images and runtime for CVEs and policy violations.
cc-data-organization
Audit and fix data organization: variable declarations, data types, magic numbers, naming conventions, and global data. Three modes: CHECKER (92-item checklist -> status table), APPLIER (type selection and naming guidance), TRANSFORMER (fix violations). Cover modern types: concurrent/shared state, nullable/optional, temporal/timezone, security-sensitive. Use when reviewing code for data organization issues, choosing data types, or fixing magic numbers. Triggers on: review variables, data types, magic numbers, naming, global data, check types, fix floats, constants.
Build Your Cloud Security Skill
Create your cloud security skill in one prompt, then learn to improve it throughout the chapter
azure-security-keyvault-keys-dotnet
Azure Key Vault Keys SDK for .NET. Client library for managing cryptographic keys in Azure Key Vault and Managed HSM. Use for key creation, rotation, encryption, decryption, signing, and verification.