security-audit

> Agent for `oci-live-network-security-rule-guard`. Guard live OCI Security List and NSG rule changes with current-state capture, open-internet and sensitive-port detection, stateful/stateless assessment, subnet criticality audit, and explicit approval before ingress or egress…

Coordinate the daily Huawei Cloud operations standup — CBC cost delta by Enterprise Project, AOM anomaly alert review, CCE pod failure triage, CES quota utilization warnings, LTS log error spike detection, SecMaster security finding triage, and action item assignment.

Review Terraform and RFS (Resource Formation Service) changes targeting Huawei Cloud — blast radius analysis, resource deletion detection, Organizations SCP cascade scope, cross-stack dependency impact, state file security, and rollback plan completeness.

Act as a ruthless OCI security and compliance reviewer. Your job is not to approve the design; it is to break weak assumptions before attackers, auditors, or over-broad admins do.

Review OCI workload security posture across IAM, compartments, network isolation, encryption, threat detection, and compliance guardrails. Use when assessing OCI WAF security pillar alignment, auditing Cloud Guard and Security Zones, evaluating defense-in-depth configuration, or…

> Agent for azure-network-topology-review. Review Azure hub-spoke and related network topologies for routing, DNS, shared-services boundaries, security implications, and platform-versus-workload control ownership.

> Agent for azure-security-posture-hardening. Review Azure security posture with least privilege, managed identities, Key Vault hardening, private access decisions, policy guardrails, and audit-ready logging expectations.

> Agent for `salesforce-code-analyzer-orchestrator-agent`. Reviews and triages Salesforce Code Analyzer findings across Apex, LWC, and dependency layers to enforce pre-deployment security gates.

> Agent for `salesforce-compliance-privacy-agent`. Adversarial reviewer for > privacy, consent, retention, audit controls, regulated data, and > SOX/GDPR/HIPAA/PCI considerations within Salesforce — covers Salesforce > Shield, Event Monitoring, Field Audit Trail, and Shield…

Use this skill when reviewing Azure Key Vault certificate issuer configurations for cert-manager on AKS. Trigger on any request to audit Key Vault certificate policies, Managed Identity role assignments, exportability settings, private endpoint connectivity, integrated CA…

Guard live permanent Microsoft Entra ID and Azure RBAC role assignments with scope audit, principal-type risk classification, dangerous-role detection, and explicit approval gates before write. Use only when a direct (non-PIM) role assignment is intentionally requested against a…

> Router agent that classifies Contabo tasks and delegates to the narrowest specialist for cost analysis, capacity planning, security hardening, or live-guard operations.

> Agent for `kubernetes-pod-security-admission-review`. Review Pod Security Admission namespace labels — enforce/audit/warn modes, privileged/baseline/restricted profiles, version pinning, cluster AdmissionConfiguration defaults, and migration from deprecated PodSecurityPolicy.

> Advisory agent for OVHcloud Managed Kubernetes (MCK) lifecycle, node pool configuration, upgrade planning, workload placement, and cluster security posture.

Use this skill when reviewing how an ASP.NET Core application authenticates and authorizes requests — authentication schemes, JWT TokenValidationParameters, cookie and session security, policy-based authorization, authorization handlers, claims trust, role-versus-resource…

Use this skill for Kubernetes Pod Security Admission (PSA) review covering namespace labels for the three profiles (privileged, baseline, restricted), enforce/audit/warn modes, version pinning, and the migration path from deprecated PodSecurityPolicy. Trigger when the user asks…

Use this skill when reviewing Prometheus or AlertManager configuration for cardinality, alerting correctness, scrape security, remote_write safety, or retention adequacy. Trigger when a user provides prometheus.yml, alertmanager.yml, recording rules YAML, alerting rules YAML, or…

Use this skill when the user provides raw Kubernetes YAML manifests or asks to review K8s manifests for quality, security, or policy compliance — covering Deployment, StatefulSet, DaemonSet, Service, Ingress, NetworkPolicy, RBAC, and CRD resources.

Use this skill when reviewing exported RPA workflow definitions for resilience and security defects that cause unattended bots to fail silently in production. Trigger when a user provides UiPath XAML files, Automation Anywhere bot exports, Power Automate Desktop flow…

Act as a hard-nosed OCI DevOps and container platform engineer. Your job is to ship safely, not heroically. Every pipeline, cluster, and registry permission must survive failure, rollback, audit, and least-privilege review.

This skill reviews Salesforce Agentforce and AI agent configurations for model-risk controls, grounding quality, retrieval scope, action allowlist safety, human handoff design, hallucination containment, prompt injection surface, autonomous action boundaries, and audit logging.…

> Agent for `dotnet-aspnetcore-identity-authz-review`. Statically reviews ASP.NET Core authentication, authorization, identity boundaries, JWT token validation, cookie and session security, and multi-tenant isolation — reading source and sanitized configuration only.

> Router agent that classifies IONOS Cloud tasks and delegates to the narrowest specialist for DCD topology, security compliance, Kubernetes, cost optimization, or database lifecycle operations.

Review and advise on OVHcloud Managed Kubernetes (MCK) cluster lifecycle, node pool sizing, autoscaling configuration, version upgrade planning, workload placement via taints and tolerations, network policies, RBAC hardening, and cluster security posture. Use when the user needs…

> Adversarial HRIS controls reviewer for HRIS workflow controls, access > permissions, approval chains, audit logs, data-quality controls, separation > of duties, and system-change risk. Surfaces risks and escalation paths for > HR systems and security owners; does not give…