laitszkin/discover-security-issues
discover-security-issues/SKILL.md
Discovery-only adversarial audit: map trust boundaries, run module catalogs (`agent-system`, `financial-program`, `software-system`, `combined`), reproduce exploitable behavior with payloads/commands and `path:line` evidence; prioritize impact × exploitability—**no code edits, no PRs, no auto-remediation**. Use for security review, vuln hunting, SQLi/XSS/auth/IDOR checks, agent prompt-injection/tool abuse, money-path races **STOP** when user wants patches shipped—hand off findings… BAD single vague “looks fine”… GOOD two-pass repro, hypothesis vs confirmed…
$ install --global
skillsauthnpx skillsauth add laitszkin/apollo-toolkit discover-security-issuesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 6, 2026, 7:50 AM226.1s11 files scanned
SKILL.md
- name:
- discover-security-issues
- description:
- >-
- Discovery-only adversarial audit:
- map trust boundaries, run module catalogs (`agent-system`, `financial-program`, `software-system`, `combined`), reproduce exploitable behavior with payloads/commands and `path:line` evidence; prioritize impact × exploitability—**no code edits, no PRs, no auto-remediation**.
Discover Security Issues
Dependencies
- Required: none.
- Conditional: none.
- Optional: none.
- Fallback: not applicable.
Non-negotiables
- Discovery-only: MUST NOT edit code, apply patches, open PRs, or run “fix workflows.”
- MUST keep only reproducible issues with exploit evidence; separate hypotheses from confirmed findings.
- MUST reproduce each confirmed exploit at least twice on the same path; use nearby payload variants for high-risk sinks.
- MUST discard authorship bias—treat all code as untrusted until evidence proves behavior.
Standards (summary)
- Evidence: Payload/precondition, observable failure,
path:line, commands or requests that reproduce. - Execution: Pick modules → boundaries → scenarios from references → validate → prioritize → report only.
- Quality: Rank by impact, exploitability, reach; unknowns listed under residual risk.
- Output: Findings (severity-ordered), attack evidence, risk notes, hardening advice (not patches), residual risk.
Workflow
Chain-of-thought: After each step, satisfy Pause → before continuing; halt on missing scope or contradictory module choice.
1) Scope and modules
- Choose one or more of:
agent-system,financial-program,software-system,combined(cross-boundary chains). - List untrusted inputs, privileged actions, and protected assets; state invariants that must hold.
- Pause → Which module catalogs did I open (file names)—not guessed from memory?
2) Execute scenarios from references
- Agent:
references/agent-attack-catalog.md; optionalreferences/security-test-patterns-agent.md(prompt injection, tool abuse, memory/exfil paths). - Financial:
references/red-team-extreme-scenarios.md,references/risk-checklist.md; optionalreferences/security-test-patterns-finance.md(authz, replay/race, idempotency, precision, lifecycle). - Software:
references/common-software-attack-catalog.md(SQL/NoSQL/command injection, XSS, CSRF, SSRF, traversal, upload, session/JWT, IDOR/BOLA, deserialization, misconfig). - Combined: relevant subsets plus chains (e.g. injection → privileged API).
- Pause → Did I record payload + preconditions + observed behavior for each candidate—not just “maybe vulnerable”?
3) Validate reproducibility
- Re-run each confirmed path twice; add encoding/casing/delimiter variants on hot sinks.
- Pause → Is anything still “likely” without a second repro—downgrade to hypothesis?
4) Prioritize
- Order Critical/High → Medium → Low using impact, exploitability, blast radius (multi-tenant / cross-tenant called out).
5) Report only
Deliver (see Output shape below): findings, attack evidence, prioritization, hardening guidance (advisory), residual risk.
Minimum coverage (apply per selected module)
- Core: trust boundaries, authn/authz, input → dangerous sink paths, secrets/sensitive data handling.
- Agent: prompt/indirect injection, unauthorized tools/actions, exfil, memory poisoning resistance.
- Financial: object-level authz, replay/race/idempotency, precision, oracle/side-effect safety, failure consistency.
- Software: injection families, XSS/CSRF/SSRF, traversal/upload, session/JWT, brute-force/rate limits, debug/CORS/secrets exposure.
- Combined: module checks + realistic cross-boundary chains.
Output shape
- Findings (high → low): title, severity, evidence (
path:line), reproduction steps/payload, impacted invariant/asset. - Attack evidence: preconditions, commands/requests, observed insecure behavior, variant results.
- Risk prioritization: impact, exploitability, reach; why it matters in this system.
- Hardening guidance (advice only): fix direction, validation focus post-remediation.
- Residual risk: hypotheses, assumptions, follow-up probes.
Sample hints
- Module: Web API + Claude tool-use →
combined(software + agent); deposits/withdrawals → includefinancial-program. - Evidence: “SQLi possible” without two runs + exact parameter → stays hypothesis until repro’d.
- Stop line: User says “patch it now” → finish report; hand off to implementation skills—do not self-patch here.
References
references/agent-attack-catalog.md,references/security-test-patterns-agent.mdreferences/red-team-extreme-scenarios.md,references/risk-checklist.md,references/security-test-patterns-finance.mdreferences/common-software-attack-catalog.md,references/test-snippets.md(optional snippets)
Related Skills
laitszkin/review-pr
development
VerifiedTrustedCommunity
Review a pull request — interactive PR selection via `gh`, 4-dimension code review (hallucinated code, architecture, performance, test validity), then post severity-graded comments with fix suggestions on the PR. Not for spec-based review — use `review` instead.
3SKILL.mdUpdated Jun 11, 2026
laitszkin/weekly-financial-event-report
development
VerifiedTrustedCommunity
Read a user-specified PDF that marks the week's key financial events, deeply research each marked event with current sources, capture any additional breaking financial developments, and produce a concise Chinese-capable PDF briefing that explains what happened and why it matters.
3SKILL.mdUpdated May 30, 2026
laitszkin/video-production
documentation
VerifiedTrustedCommunity
Generate long-form videos (more than 10 minutes) by following user instructions and invoking related skills only when needed (`openai-text-to-image-storyboard`, `docs-to-voice`, `remotion-best-practices`). For text inputs, extract a complete long-form story arc, generate fresh storyboard images (no reuse of previously generated pictures), and render a 16:9 animated long-form video.
3SKILL.mdUpdated May 30, 2026
laitszkin/version-release
tools
VerifiedTrustedCommunity
協助完成自動化版本發佈。同步文檔、更新版本號、推送 tag 並建立 GitHub Release。
3SKILL.mdUpdated May 29, 2026