security-bluebook-builder

Create or refine a concise, normative security policy ("Blue Book") for sensitive applications. Use when users need a threat model, data classification rules, auth/session policy, logging and audit requirements, retention/deletion expectations, incident response, or security...

Best use case

security-bluebook-builder is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Create or refine a concise, normative security policy ("Blue Book") for sensitive applications. Use when users need a threat model, data classification rules, auth/session policy, logging and audit requirements, retention/deletion expectations, incident response, or security...

Teams using security-bluebook-builder should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/security-bluebook-builder/SKILL.md --create-dirs "https://raw.githubusercontent.com/ratnesh-maurya/cursor-claude-personas/main/security-engineer/.claude/skills/security-bluebook-builder/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/security-bluebook-builder/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How security-bluebook-builder Compares

Feature / Agentsecurity-bluebook-builderStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Create or refine a concise, normative security policy ("Blue Book") for sensitive applications. Use when users need a threat model, data classification rules, auth/session policy, logging and audit requirements, retention/deletion expectations, incident response, or security...

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Security Bluebook Builder

## Overview
Build a minimal but real security policy for sensitive apps. The output is a single, coherent Blue Book document using MUST/SHOULD/CAN language, with explicit assumptions, scope, and security gates.

## Workflow

### 1) Gather inputs (ask only if missing)
Collect just enough context to fill the template. If the user has not provided details, ask up to 6 short questions:
- What data classes are handled (PII, PHI, financial, tokens, content)?
- What are the trust boundaries (client/server/third parties)?
- How do users authenticate (OAuth, email/password, SSO, device sessions)?
- What storage is used (DB, object storage, logs, analytics)?
- What connectors or third parties are used?
- Retention and deletion expectations (default + user-initiated)?

If the user cannot answer, proceed with safe defaults and mark TODOs.

### 2) Draft the Blue Book
Load `references/bluebook_template.md` and fill it with the provided details. Keep it concise, deterministic, and enforceable.

### 3) Enforce guardrails
- Do not include secrets, tokens, or internal credentials.
- If something is unknown, write "TODO" plus a clear assumption.
- Fail closed: if a capability is required but unavailable, call it out explicitly.
- Keep scope minimal; do not add features or tools beyond what the user asked for.

### 4) Quality checks
Confirm the Blue Book includes:
- Threat model (assumptions + out-of-scope)
- Data classification + handling rules
- Trust boundaries + controls
- Auth/session policy
- Token handling policy
- Logging/audit policy
- Retention/deletion
- Incident response mini-runbook
- Security gates + go/no-go checklist

## Resources
- `references/bluebook_template.md`

Related Skills

frontend-mobile-security-xss-scan

5
from ratnesh-maurya/cursor-claude-personas

You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection poi

api-endpoint-builder

5
from ratnesh-maurya/cursor-claude-personas

Builds production-ready REST API endpoints with validation, error handling, authentication, and documentation. Follows best practices for security and scalability.

web-security-testing

5
from ratnesh-maurya/cursor-claude-personas

Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.

security-scanning-security-sast

5
from ratnesh-maurya/cursor-claude-personas

Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks

security-scanning-security-hardening

5
from ratnesh-maurya/cursor-claude-personas

Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls.

security-requirement-extraction

5
from ratnesh-maurya/cursor-claude-personas

Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.

security-compliance-compliance-check

5
from ratnesh-maurya/cursor-claude-personas

You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform compliance audits and provide im...

security-auditor

5
from ratnesh-maurya/cursor-claude-personas

Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks.

laravel-security-audit

5
from ratnesh-maurya/cursor-claude-personas

Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.

frontend-security-coder

5
from ratnesh-maurya/cursor-claude-personas

Expert in secure frontend coding practices specializing in XSS prevention, output sanitization, and client-side security patterns.

cc-skill-security-review

5
from ratnesh-maurya/cursor-claude-personas

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist a...

backend-security-coder

5
from ratnesh-maurya/cursor-claude-personas

Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.