security-skill

Enterprise security architect for multi-tenant SaaS on NestJS + Next.js + PostgreSQL + Redis. Use when designing authentication/authorization, reviewing security posture, hardening APIs, handling tenant isolation, encrypting data, managing secrets, responding to incidents, or auditing OWASP compliance. Trigger on: auth guards, JWT, RBAC, ABAC, CASL, XSS, CSRF, SSRF, SQL injection, rate limiting, CORS, CSP, file upload security, encryption at rest/transit, PII handling, secret rotation, vulnerability scanning, penetration testing, SOC 2 compliance, admin impersonation security, cross-workspace data leak prevention, or any security concern in a multi-tenant context. Also trigger when the user says "is this secure?", "security audit", "harden", "vulnerability", or "threat model".