@unitoneai/skills

v1.0.0

Published

11 days ago

45 security skills for AI coding agents — Claude Code, Gemini CLI, Cursor, Codex, and more

0High
0Medium
0Low

security claude-code gemini-cli cursor codex skills appsec devsecops threat-modeling vulnerability-management ai-security

Security Skills for AI Coding Agents

Drop structured security skills into your AI coding agent. Get instant, framework-grounded security expertise.

Why This Exists

AI coding agents can perform security reviews, but they hallucinate framework control numbers, miss entire vulnerability categories, and produce inconsistent output across runs. The result is security guidance that sounds authoritative but falls apart under scrutiny.

These skills ground agents in real published frameworks -- OWASP, NIST, MITRE ATT&CK, and CIS Controls -- so that every finding maps to a verifiable control. They are not prompt dumps. They are structured, framework-referenced, injection-hardened skill files that produce reliable, auditable security output.

Quick Start

git clone https://github.com/UnitOneAI/SecuritySkills.git
cd SecuritySkills

Claude Code (native format — auto-discovery and /slash-commands)

# Global install — all skills available via auto-discovery and /skill-name
cp -r skills/*/* ~/.claude/skills/

# Or project-local
mkdir -p .claude/skills && cp -r skills/*/* .claude/skills/

# Then use naturally:
# "Review this code for security issues"    → Claude auto-loads secure-code-review
# /threat-modeling                          → Direct invocation
# /cve-triage CVE-2024-1234                 → With arguments

Gemini CLI

# Reference skills via @ commands
cp -r skills/ ~/.gemini/skills/

Cursor

# Add as Cursor rules
cp -r skills/ .cursor/rules/

Codex CLI / Kiro / Generic

# Point any agent at a skill's SKILL.md file
codex --context skills/appsec/threat-modeling/SKILL.md "Review this design"
kiro spec --skill skills/ai-security/llm-top-10/SKILL.md

Each skill is a directory with SKILL.md as the entrypoint, following the Agent Skills open standard. Claude Code discovers skills automatically; other tools can load them by path.

Skills

45 skills across 10 security domains.

Application Security

| Skill | File | Frameworks | |-------|------|------------| | Threat Modeling (STRIDE) | skills/appsec/threat-modeling.md | STRIDE, PASTA, MITRE ATT&CK | | Secure Code Review | skills/appsec/secure-code-review.md | OWASP ASVS 4.0.3, CWE Top 25 | | OWASP Top 10 (Web) | skills/appsec/owasp-top-10-web.md | OWASP Top 10 2021 | | API Security Review | skills/appsec/api-security.md | OWASP API Security Top 10 2023 | | Dependency Scanning | skills/appsec/dependency-scanning.md | SLSA v1.0, CycloneDX, SPDX |

AI Security

| Skill | File | Frameworks | |-------|------|------------| | LLM Top 10 Review | skills/ai-security/llm-top-10.md | OWASP LLM Top 10 2025 | | Agentic AI Top 10 | skills/ai-security/agentic-top-10.md | OWASP Agentic AI, MITRE ATLAS | | Prompt Injection Testing | skills/ai-security/prompt-injection.md | OWASP LLM01:2025, MITRE ATLAS | | Model Supply Chain | skills/ai-security/model-supply-chain.md | OWASP LLM03:2025, SLSA v1.0 | | AI Data Privacy | skills/ai-security/ai-data-privacy.md | NIST AI RMF, OWASP LLM02:2025 | | Agent Security Architecture | skills/ai-security/agent-security.md | OWASP Agentic AI, NIST AI RMF |

Identity & Access

| Skill | File | Frameworks | |-------|------|------------| | IAM Security Review | skills/identity/iam-review.md | NIST SP 800-63B, CIS Controls v8 | | Access Review | skills/identity/access-review.md | CIS Controls v8, NIST SP 800-53 | | RBAC/ABAC Design | skills/identity/rbac-design.md | NIST RBAC, NIST SP 800-162 | | Zero Trust Assessment | skills/identity/zero-trust-assessment.md | NIST SP 800-207, CISA ZTMM v2 | | Privileged Access Management | skills/identity/privileged-access.md | CIS Controls v8, NIST SP 800-53 |

Cloud Security

| Skill | File | Frameworks | |-------|------|------------| | AWS Security Review | skills/cloud/aws-review.md | CIS AWS Benchmark v3.0 | | Azure Security Review | skills/cloud/azure-review.md | CIS Azure Benchmark v2.1 | | GCP Security Review | skills/cloud/gcp-review.md | CIS GCP Benchmark v2.0 | | IaC Security | skills/cloud/iac-security.md | OWASP IaC Security, SLSA v1.0 | | Container Security | skills/cloud/container-security.md | CIS Docker v1.6, CIS K8s v1.9 |

Vulnerability Management

| Skill | File | Frameworks | |-------|------|------------| | CVE Triage | skills/vuln-management/cve-triage.md | CVSS 4.0, SSVC 2.1, CISA KEV, EPSS | | Patch Prioritization | skills/vuln-management/patch-prioritization.md | SSVC 2.1, EPSS, CISA KEV | | SBOM Analysis | skills/vuln-management/sbom-analysis.md | CycloneDX, SPDX, VEX | | Scanner Tuning | skills/vuln-management/scanner-tuning.md | CVSS 4.0, CWE |

Compliance

| Skill | File | Frameworks | |-------|------|------------| | SOC 2 Gap Analysis | skills/compliance/soc2-gap.md | AICPA TSC | | ISO 27001 Gap Analysis | skills/compliance/iso27001-gap.md | ISO 27001:2022 | | PCI DSS Review | skills/compliance/pci-dss-review.md | PCI DSS v4.0 | | HIPAA Review | skills/compliance/hipaa-review.md | HIPAA Security Rule | | NIST CSF Assessment | skills/compliance/nist-csf-assessment.md | NIST CSF 2.0 |

Incident Response

| Skill | File | Frameworks | |-------|------|------------| | IR Playbook | skills/incident-response/ir-playbook.md | NIST SP 800-61 | | Forensics Checklist | skills/incident-response/forensics-checklist.md | NIST SP 800-86, RFC 3227 | | Containment Strategies | skills/incident-response/containment.md | NIST SP 800-61, MITRE ATT&CK | | Post-Incident Review | skills/incident-response/post-incident-review.md | NIST SP 800-61 |

SecOps

| Skill | File | Frameworks | |-------|------|------------| | Detection Engineering | skills/secops/detection-engineering.md | MITRE ATT&CK v16, Sigma | | SIEM Rules | skills/secops/siem-rules.md | MITRE ATT&CK v16 | | Alert Triage | skills/secops/alert-triage.md | MITRE ATT&CK v16 | | Log Analysis | skills/secops/log-analysis.md | MITRE ATT&CK v16, NIST SP 800-92 |

Network Security

| Skill | File | Frameworks | |-------|------|------------| | Firewall Rule Audit | skills/network/firewall-review.md | CIS Controls v8, NIST SP 800-41 | | Network Segmentation | skills/network/segmentation.md | NIST SP 800-207, CIS Controls v8 | | DNS Security | skills/network/dns-security.md | NIST SP 800-81, CIS Controls v8 |

DevSecOps

| Skill | File | Frameworks | |-------|------|------------| | Pipeline Security | skills/devsecops/pipeline-security.md | SLSA v1.0, OWASP CI/CD Top 10 | | Secrets Management | skills/devsecops/secrets-management.md | OWASP Secrets Mgmt, NIST SP 800-57 | | SAST Configuration | skills/devsecops/sast-config.md | OWASP ASVS, CWE Top 25 | | DAST Configuration | skills/devsecops/dast-config.md | OWASP Top 10, OWASP Testing Guide |

Role Bundles

Pre-configured skill sequences for common security roles. Each bundle orchestrates skills in the right order for the engagement type.

| Role | Description | Skills | |------|-------------|--------| | vCISO | Security program leadership, risk assessment, compliance, board reporting | nist-csf-assessment, soc2-gap, iam-review, cve-triage, threat-modeling | | SOC Analyst | Alert triage, threat hunting, incident investigation, detection engineering | alert-triage, detection-engineering, ir-playbook, log-analysis, cve-triage | | Security Engineer | Building security into products and infrastructure | secure-code-review, dependency-scanning, cve-triage, secrets-management, pipeline-security, container-security, iam-review | | AppSec Engineer | Application security design, testing, and code review | threat-modeling, secure-code-review, api-security, dependency-scanning, prompt-injection, owasp-top-10-web | | Cloud Security Engineer | Cloud posture, IaC review, container security, identity | aws-review, azure-review, gcp-review, iac-security, container-security, zero-trust-assessment, privileged-access |

What Makes This Different

Framework-grounded. Every skill cites real control IDs from OWASP, NIST, MITRE ATT&CK, or CIS. No invented controls. No hallucinated references.
Consistent output format. Structured findings with severity, CWE mapping, framework reference, evidence, and remediation -- every time.
AI-security skills that don't exist elsewhere. OWASP LLM Top 10, Agentic AI security, prompt injection testing, model supply chain review.
Multi-agent compatible. Same skill file works with Claude Code, Gemini CLI, Cursor, Codex CLI, OpenClaw, and Kiro.
Prompt-injection hardened. Every skill reviewed against OWASP LLM01:2025. CI scans for injection patterns on every PR.
Enterprise-ready. Built by practitioners, not scraped from blog posts. Designed for real security programs.

Disclaimer

These skills were built through extensive research against published security frameworks (OWASP, NIST, MITRE ATT&CK, CIS Controls) and reviewed by five specialized AI security agents:

CISO Reviewer — Strategic risk, compliance alignment, and program-level gaps
Security Architect — Framework accuracy, control ID verification, and design patterns
Security Engineer — Implementation correctness, tooling gaps, and operational feasibility
AI Security Researcher — LLM/agentic threat modeling, prompt injection hardening, and ATLAS coverage
SOC Analyst — Detection engineering, alert triage accuracy, and incident response workflows

Despite this multi-layered review process, these skills may contain inaccuracies, outdated framework references, or gaps in coverage. Validate all control IDs, framework versions, and remediation guidance against authoritative sources before using these skills in production security workflows. Security frameworks evolve — always cross-reference with the latest published versions.

Contributing

See CONTRIBUTING.md for the quality bar, skill format specification, and PR checklist. Every skill must cite a real framework with verifiable control IDs.

Security

See SECURITY.md for our prompt injection hardening policy and responsible disclosure process.

License

MIT