microsoft/owasp-infrastructure
.github/skills/security/owasp-infrastructure/SKILL.md
OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core.
$ install --global
skillsauthnpx skillsauth add microsoft/hve-core owasp-infrastructureInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 9, 2026, 2:08 AM41.2s12 files scanned
SKILL.md
- name:
- owasp-infrastructure
- description:
- OWASP Infrastructure Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in internal IT infrastructure environments - Brought to you by microsoft/hve-core.
- license:
- CC-BY-SA-4.0
- user-invocable:
- false
- authors:
- OWASP Infrastructure Security Project
- spec_version:
- 1.0
- framework_revision:
- 1.0.0
- last_updated:
- 2026-02-13
- skill_based_on:
- https://github.com/chris-buckley/agnostic-prompt-standard
- content_based_on:
- https://owasp.org/www-project-top-10-infrastructure-security-risks/
OWASP Infrastructure Top 10 — Skill Entry
This SKILL.md is the entrypoint for the OWASP Infrastructure Top 10 skill.
The skill encodes the OWASP Infrastructure Security Top 10 (2024) as structured, machine-readable references that an agent can query to identify, assess, and remediate infrastructure security risks.
Normative references (Infrastructure Top 10)
- 00 Vulnerability Index
- 01 Outdated Software
- 02 Insufficient Threat Detection
- 03 Insecure Configurations
- 04 Insecure Resource and User Management
- 05 Insecure Use of Cryptography
- 06 Insecure Network Access Management
- 07 Insecure Authentication Methods and Default Credentials
- 08 Information Leakage
- 09 Insecure Access to Resources and Management Components
- 10 Insufficient Asset Management and Documentation
Skill layout
SKILL.md— this file (skill entrypoint).references/— the Infrastructure Top 10 normative documents.00-vulnerability-index.md— index of all vulnerability identifiers, categories, and cross-references.01through10— one document per vulnerability aligned with OWASP Infrastructure Security numbering.
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.
Related Skills
microsoft/pr-reference
tools
VerifiedTrustedCommunity
Generates PR reference XML containing commit history and unified diffs between branches with extension and path filtering. Includes utilities to list changed files by type and read diff chunks. Use when creating pull request descriptions, preparing code reviews, analyzing branch changes, discovering work items from diffs, or generating structured diff summaries. - Brought to you by microsoft/hve-core
909SKILL.mdUpdated Apr 9, 2026
microsoft/security-reviewer-formats
development
VerifiedTrustedCommunity
Format specifications and data contracts for the security reviewer orchestrator and its subagents - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026
microsoft/secure-by-design
development
VerifiedTrustedCommunity
Secure by Design principles knowledge base for assessing adherence to security-first design, development, and deployment practices across the software lifecycle - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026
microsoft/owasp-top-10
development
VerifiedTrustedCommunity
OWASP Top 10 for Web Applications (2025) vulnerability knowledge base for identifying, assessing, and remediating security risks in web application environments - Brought to you by microsoft/hve-core.
909SKILL.mdUpdated Apr 9, 2026