
# Prompt Injection Defender Skill

## Overview

Defense against **indirect prompt injection** attacks for Claude Code. This skill provides PostToolUse hooks that scan tool outputs (files, web pages, command results) for injection attempts and warn Claude about suspicious content.

## Features

- **Real-time scanning** of tool outputs (Read, WebFetch, Bash, Grep, Task, MCP tools)
- **4 detection categories**: Instruction Override, Role-Playing/DAN, Encoding/Obfuscation, Context Manipulation
- **5

API security audit aligned with OWASP API Top 10. Use when the user asks to "check API security", "audit REST API", "find BOLA vulnerabilities", "check for mass assignment", "analyze API rate limiting", "detect excessive data exposure", or mentions "API security", "BOLA", "IDOR", "mass assignment", "rate limiting", "broken function-level authorization", "excessive data exposure", or "OWASP API Top 10". Invoke with /sentinel:api.
Map the application attack surface. Use when the user asks to "map attack surface", "list entry points", "inventory API endpoints", "find all inputs", "enumerate routes", "discover exposed endpoints", or wants to understand where external data enters the system. Also useful as a pre-scan step before running /sentinel. Invoke with /sentinel:attack-surface.
Adversarial analysis from 6 attacker personas. Use when the user asks to "red team this", "think like an attacker", "simulate an attack", "threat model as an adversary", or wants to understand how their app would be attacked by a script kiddie, insider, organized crime, nation-state, hacktivist, or supply chain attacker. Invoke with /sentinel:red-team.
Orchestrates security scanning combining AI-driven OWASP analysis with Semgrep SAST and CodeQL taint analysis. Cross-validates findings, calculates a risk score, and produces prioritised security audit reports. Invoke with /sentinel or when the user asks to "run security audit", "audit this project", "security scan", or "scan for vulnerabilities".
STRIDE threat modeling. Use when the user asks to "run STRIDE", "threat model with STRIDE", "check for spoofing/tampering/repudiation/info disclosure/DoS/privilege escalation", or invokes /sentinel:stride. Analyzes the codebase across all 6 STRIDE threat categories (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).
Intelligence-driven security analysis — the reasoning layer that complements Sentinel's tool-based scanning. Use this skill when the user says "analyze these findings", "explain this vulnerability", "is this exploitable", "false positive?", "fix this security issue", "threat model this", "audit my Dockerfile/Terraform/k8s/GitHub Actions", "harden this config", "review my auth code", "is this JWT safe", "check for secrets", or pastes Sentinel's consolidated.json for deeper analysis. Also trigger on any security question after `/sentinel:sentinel` has run. Works without any tools installed — pure Claude intelligence. Part of the Sentinel plugin (github.com/alissonlinneker/sentinel-claude-skill).
Detect race condition vulnerabilities. Use when the user asks to "check for race conditions", "find TOCTOU bugs", "analyze concurrency issues", "detect double-spend vulnerabilities", "check for check-then-act patterns", or mentions "race condition", "TOCTOU", "double-spend", "concurrency", "atomicity", or "thread safety" in a security context. Invoke with /sentinel:race-conditions.
Detect business logic security vulnerabilities. Use when the user asks to "check business logic security", "find logic flaws", "audit workflow security", "check for coupon abuse", "detect negative amount exploits", "analyze state machine security", or mentions "business logic", "workflow bypass", "negative amount", "coupon abuse", "self-referral", "state manipulation", or "price manipulation" in a security context. Invoke with /sentinel:business-logic.