Skip to content

스킬 검색.../

Agent Skill Search Engine

검색

검색
카테고리
직업

About

About
Privacy
Terms

© 2026 Skills Pool. All rights reserved.

스킬 파일

Audit Capability Compliance

Evaluate proposed OCS/WCS changes for least-privilege compliance, network allowlists, and data classification. Use when auditing capabilities or blueprints for CAS-001/TCS-001 certification gates with risk scoring and remediation guidance.

Kristopherlb0 스타2026. 2. 1.

직업
카테고리: 보안

스킬 내용

Security Auditor Skill (Compliance Reasoner)

Use this skill when performing agent-assisted security audits of capability or blueprint changes.

When to Use

Reviewing PRs that add or modify capabilities/blueprints
Evaluating security posture changes (scopes, network access, classification)
Generating risk assessments with remediation guidance
Enforcing CAS-001/TCS-001 certification gates

Inputs

Proposed Capability/Blueprint diff or full files
policy_context (required scopes, network access rules, data classification tiers)
Standards references: ISS-001, TCS-001, CAS-001

Workflow

Parse the change set
- Identify additions/changes in security.requiredScopes, security.networkAccess.allowOutbound, and or .

관련 스킬

빠른 설치

Audit Capability Compliance

npx skillvault add Kristopherlb/kristopherlb-harmony-cursor-skills-audit-capability-compliance-skill-md

Skill 다운로드 저장소 열기

작성자: Kristopherlb
스타: 0
업데이트: 2026. 2. 1.
직업

이 페이지의 내용

01Security Auditor Skill (Compliance Reasoner)

security.dataClassification

security.classification

Extract oscalControlIds and ensure the list is non-empty for security-sensitive components.

Evaluate least privilege

Confirm required scopes are minimal and aligned to the API surface used.
Reject wildcard scopes or unrelated admin scopes.

Validate network allowlist

Deny raw IP address destinations.
Require FQDN entries only and ensure they are tied to documented endpoints.

Assess data classification

Ensure classification matches data fields and avoids downgrade.
Flag mismatches (e.g., CONFIDENTIAL data labeled INTERNAL).

Risk scoring

Assign a 0–10 risk score.
Any score >7 requires mandatory HITL approval.

Remediation guidance

Provide explicit line-item changes required to move FAIL → PASS.
Reference exact fields/lines in the diff.

Output format

status: PASS | WARN | FAIL
riskScore: 0–10
findings: list with rule, severity, details
remediations: list of concrete changes with file/line pointers

See references/audit-capability-compliance.md for the detailed workflow specification.

02

When to Use

05Output format

정보 보안 분석가

1password

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.

Springboot Security

Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.

Security Review

인증 추가, 사용자 입력 처리, 시크릿 관리, API 엔드포인트 생성, 결제/민감한 기능 구현 시 이 스킬을 사용하세요. 포괄적인 보안 체크리스트와 패턴을 제공합니다.

Laravel Security

Laravel 安全最佳实践，涵盖认证/授权、验证、CSRF、批量赋值、文件上传、密钥管理、速率限制和安全部署。

Security Review

認証の追加、ユーザー入力の処理、シークレットの操作、APIエンドポイントの作成、支払い/機密機能の実装時にこのスキルを使用します。包括的なセキュリティチェックリストとパターンを提供します。

Django Security

Django 安全最佳实践、认证、授权、CSRF 防护、SQL 注入预防、XSS 预防和安全部署配置。

정보 보안 분석가

Audit Capability Compliance | Skills Pool