agent

当用户要求“测试此网站”、“运行探索性测试”、“检查无障碍问题”、“验证登录流程……”时，应使用此技能。

将识别出的威胁映射到适当的安全控制措施和缓解方案。适用于确定安全投资的优先级、制定修复计划或验证……

配置和管理 GitHub Dependabot 的综合指南。当用户询问有关创建或优化 dependabot.yml 文件、管理 Dependabot 拉取请求、配置依赖项更新策略、设置分组更新、monorepo 模式、多生态系统分组、安全更新配置、自动分类规则，或任何与 Dependabot 相关的 GitHub Advanced Security (GHAS) 供应链安全主题时，请使用此技能。对于通过 GitHub MCP Server 在 AI 编码代理中进行 pre-commit 依赖项漏洞扫描，此技能会引用 Advanced Security 插件 (`advanced-security@copilot-plugins`)。当代理需要在提交前扫描依赖项的已知漏洞时，请使用此技能。

Audit MCP (Model Context Protocol) server configurations for security issues. Use this skill when: - Reviewing .mcp.json files for security risks - Checking MCP server args for hardcoded secrets or shell injection patterns - Validating that MCP servers use pinned versions (not @latest) - Detecting unpinned dependencies in MCP server configurations - Auditing which MCP servers a project registers and whether they're on an approved list - Checking for environment variable usage vs. hardcoded credentials in MCP configs - Any request like "is my MCP config secure?", "audit my MCP servers", or "check .mcp.json" keywords: [mcp, security, audit, secrets, shell-injection, supply-chain, governance]

Entry P0 primary router for HackSkills. Use when the task involves web application testing, API security assessment, recon, vulnerability triage, exploit path planning, or choosing the right next category skill before any deep topic skill.

Linux lateral movement playbook. Use after gaining initial access to pivot across Linux hosts via SSH hijacking, credential harvesting, internal pivoting, D-Bus exploitation, sudo token reuse, and shared filesystem abuse.

指导创建遵循开放格式规范的最佳实践智能体技能。涵盖前置元数据、目录结构、渐进式披露、…

>-

Evaluate UX/UI using Jakob Nielsen's 10 usability heuristics. Comprehensive audit of visibility, control, consistency, error prevention, recognition,…

Primary Playwright governance skill for sandbox browser verification and deterministic end-to-end authoring or rewrite work.

Security audit for LLM and GenAI applications using OWASP Top 10 for LLM Apps 2025. Assess prompt injection, data leakage, supply chain, and 7 more critical…

通用任务调度器。在开发工作流（步骤 0-9）中启动、路由和执行任何任务。对每个任务调用 — /task <description>、/task…

Deep-dive usability evaluation of specific user tasks. Simulates novice user cognition step-by-step to identify learnability issues, unclear actions, and…

Evaluate UX/UI using Don Norman's 7 fundamental design principles from The Design of Everyday Things. Audit discoverability, affordances, signifiers, feedback,…

AI governance audit using ISO 42001 standard. Ensures AI systems are developed and deployed responsibly with risk management, ethics, security, transparency,…

Compliance review and testing: evaluate your application against HIPAA, SOC 2, PCI-DSS, and GDPR technical requirements with browser-based validation and YAML…

Security review and penetration testing: evaluate your application against OWASP Top 10, authentication security, HTTP headers, CORS, CSP, supply chain risks,…

AI trustworthiness testing using OWASP AI Testing Guide v1. Execute 44 test cases across 4 layers (Application, Model, Infrastructure, Data) with practical…

AI risk assessment using NIST AI RMF 1.0 framework. Evaluate AI systems across 4 core functions (Govern, Map, Measure, Manage) for trustworthy and responsible…

Three-stage code review protocol covering spec compliance, code quality, and domain integrity. Use this skill whenever the user asks to review code, prepare or check a PR, assess implementation quality, verify code against a spec or acceptance criteria, or audit for security and domain modeling issues. Triggers on: "review this code", "review my PR", "check implementation against spec", "code quality audit", "does this match the requirements", "review for security issues", "check for primitive obsession", "monetary precision review", "review test coverage gaps". Also activates when the user wants structured PASS/FAIL verdicts per requirement, severity-rated findings, or a gated review that blocks on critical issues. NOT for: style/formatting linting, debugging runtime errors, writing new code, or automated CI checks.