Summary
Add a security-engineer skill that guides secure coding practices — identifying vulnerabilities, reviewing auth/authz, and suggesting fixes for common security issues.
What this skill should do
- Review code for OWASP Top 10 vulnerabilities
- Guide on secure authentication and authorization patterns
- Flag insecure handling of secrets, tokens, and credentials
- Suggest input validation and output encoding patterns
- Help write security-focused tests
Reference
See existing skills like lfx-preflight/SKILL.md for pattern and format.
Each skill lives in its own directory with a SKILL.md file and markdown instructions.
Acceptance Criteria
- security-engineer/SKILL.md exists with correct frontmatter