Skill UI

Automate security regression testing for Large Language Model (LLM) applications by integrating Promptfoo and DeepTeam into CI/CD pipelines. This skill enforces a critical security gate, automatically testing endpoints against OWASP LLM Top 10, OWASP Agentic threats, and common jailbreaks/prompt injections. It ensures that security patches do not regress over time due to prompt or model changes, providing continuous risk monitoring.

This skill guides the deployment and strategic use of honeytokens and canarytokens (decoy credentials, files, URLs, etc.). These high-fidelity decoys are designed to detect unauthorized access, insider threats, or adversary reconnaissance by triggering alerts upon any interaction, providing early warning deep within the kill chain.

A comprehensive tool and methodology for identifying and preventing dependency confusion attacks across major package ecosystems (npm, PyPI, Maven). It detects instances where internal, private package names are leaked and subsequently published publicly by attackers. The skill provides both detection (enumerating claimable internal names) and prevention strategies (enforcing registry pinning and scope restrictions) to secure the software supply chain.

Provides a comprehensive workflow and tooling (GuardDog) to triage npm packages and dependency trees for signs of malicious activity. It focuses on static analysis of install scripts, detecting credential exfiltration, reverse shells, and worming behavior, thereby safeguarding against software supply-chain attacks.

This skill detects malicious, misspelled, or brand-jacked package names (typosquatting) across major ecosystems (npm, PyPI, crates.io). It uses advanced techniques like edit-distance and keyboard-proximity analysis, powered by tools like typomania and OSSGadget, to flag potential supply chain attacks *before* a dependency is installed. It is essential for implementing robust CI/CD security gates and proactive dependency screening.

Pacu is an open-source, modular AWS exploitation framework designed for authorized cloud penetration testing and red-teaming. It functions as a cloud-pentest analogue to Metasploit, enabling users to enumerate AWS resources, scan for privilege escalation paths, and automate the exploitation of IAM vulnerabilities, persistence mechanisms, and data exfiltration. Use this skill to assess the blast radius of compromised credentials in a controlled, authorized environment.

This skill guides the end-to-end process of supply chain security by generating standards-compliant Software Bills of Materials (SBOMs) in CycloneDX and SPDX formats. It details using Syft to create inventories, correlating them with vulnerability intelligence via Grype, enforcing CI/CD gates based on severity, and establishing verifiable provenance using Cosign signing. Essential for modern DevSecOps practices.

A comprehensive read-only client for querying the Go package discovery API (pkg.go.dev). It provides detailed documentation, API signatures, usage examples, version history, dependency graphs, and known CVE vulnerabilities for any Go module or package. Ideal for understanding external library usage, reviewing API details, or checking dependency health without needing write access.

NetExec is a powerful, protocol-oriented tool for penetration testing, designed for assessing and exploiting Windows and Active Directory environments. It facilitates lateral movement by authenticating over protocols like SMB, WinRM, LDAP, and MSSQL. Key functions include password spraying, comprehensive network enumeration, command execution, and dumping critical credentials (SAM, LSA, NTDS) during post-exploitation phases.

This skill guides the full lifecycle of threat intelligence processing, transforming raw indicators of compromise (IOCs) from MISP feeds into actionable security detections. It covers feed curation, false positive reduction using warninglists, and automating the generation of high-fidelity rules for Suricata, Sigma, and Wazuh. Use this to mature your MISP instance from a repository into a proactive detection engine.

This skill details the advanced red-teaming technique of exploiting Active Directory Certificate Services (AD CS) via the ESC8 path. By abusing the HTTP web-enrollment endpoint and relaying coerced NTLM credentials, an attacker can compel a domain controller to request a machine certificate. This certificate is then used to compromise the domain via PKINIT and DCSync.

This guide provides a structured approach to red-teaming Large Language Models (LLMs) to detect sensitive data leakage from system prompts. It simulates advanced attacks—including prompt injection, instruction override, and encoding tricks—to identify embedded secrets, API keys, and proprietary business logic. Essential for validating adherence to OWASP LLM07 and securing AI applications against data exfiltration.