원클릭으로 Manus에서 모든 스킬 실행

security-review

스타14

포크2

업데이트2026년 4월 23일 11:04

Security analysis patterns for STRIDE threat modeling, compliance checks (SOC2, GDPR, HIPAA), vulnerability assessment, and secure coding. Use for security reviews at planning, implementation, and review phases.

설치

Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.

Manus에서 실행

출처

kennedym-ds

kennedym-ds/copilot_orchestrator

GitHub 저장소 열기 Creator 저장소 보기

다운로드

Manus에서 실행

관련 직업SOC

SOC 직업 분류 기준

정보 보안 분석가컴퓨터 및 수학직·SOC 15-1212

파일 탐색기

3 개 파일

SKILL.md

readonly

이 저장소의 다른 Skills

같은 저장소

budget-gatekeeper

kennedym-ds/copilot_orchestrator

Runtime budget enforcement for conductor workflows. Tracks model tier usage, delegation count, and estimated token cost across phases. Provides soft/hard limits with escalation patterns to prevent runaway sessions.

2026-04-2814

delegation-routing

kennedym-ds/copilot_orchestrator

Agent-to-agent routing patterns for autonomous delegation via #runSubagent. Defines keyword matching, context templates, model preferences, escalation rules, and invocation guardrails. Use for routing decisions, subagent dispatch, delegation context preparation, and handoff target selection.

2026-04-2814

accessibility-wcag

kennedym-ds/copilot_orchestrator

WCAG 2.1 Level AA compliance patterns for semantic HTML, ARIA, keyboard navigation, and screen reader compatibility. Use for accessibility audits, ARIA reviews, and POUR principle validation.

2026-04-2314

code-topology

kennedym-ds/copilot_orchestrator

Structured protocol for understanding codebase architecture through dependency mapping, call-chain tracing, data-flow analysis, and impact assessment. Use for planning, implementation, review, and any task requiring structural code understanding.

2026-04-2314

conductor-lifecycle

kennedym-ds/copilot_orchestrator

Conductor workflow patterns for multi-phase orchestration including planning, implementation, review cycles, pause points, and handoffs. Use for lifecycle management, delegation, and state tracking.

2026-04-2314

documentation-style

kennedym-ds/copilot_orchestrator

Documentation patterns for Markdown formatting, structure, voice/tone, and technical writing best practices. Use for user guides, API docs, code comments, and content reviews.

2026-04-2314

name	security-review
description	Security analysis patterns for STRIDE threat modeling, compliance checks (SOC2, GDPR, HIPAA), vulnerability assessment, and secure coding. Use for security reviews at planning, implementation, and review phases.
user-invocable	true
argument-hint	[file, PR, or path to review for vulnerabilities]

Category	Threat	Example	Mitigation
Spoofing	Identity forgery	Weak authentication	MFA, certificate pinning, token validation
Tampering	Data modification	Unvalidated input	Input validation, integrity checks, signing
Repudiation	Action denial	Missing audit logs	Comprehensive logging, immutable audit trail
Information Disclosure	Data leakage	Exposed secrets	Encryption at rest/transit, secrets management
Denial of Service	Availability attack	No rate limiting	Rate limiting, resource quotas, timeout enforcement
Elevation of Privilege	Unauthorized access	Broken access control	Principle of least privilege, RBAC, permission checks

name	security-review
description	Security analysis patterns for STRIDE threat modeling, compliance checks (SOC2, GDPR, HIPAA), vulnerability assessment, and secure coding. Use for security reviews at planning, implementation, and review phases.
user-invocable	true
argument-hint	[file, PR, or path to review for vulnerabilities]

Category	Threat	Example	Mitigation
Spoofing	Identity forgery	Weak authentication	MFA, certificate pinning, token validation
Tampering	Data modification	Unvalidated input	Input validation, integrity checks, signing
Repudiation	Action denial	Missing audit logs	Comprehensive logging, immutable audit trail
Information Disclosure	Data leakage	Exposed secrets	Encryption at rest/transit, secrets management
Denial of Service	Availability attack	No rate limiting	Rate limiting, resource quotas, timeout enforcement
Elevation of Privilege	Unauthorized access	Broken access control	Principle of least privilege, RBAC, permission checks

security-review

이 저장소의 다른 Skills

이 저장소의 다른 Skills

Security Review & Threat Modeling

Description

When to Use

When NOT to Use

Entry Points

Trigger Phrases

Context Patterns

Core Knowledge

STRIDE Threat Modeling

Risk Rating System

Common Vulnerability Patterns

1. Authentication/Authorization

2. Input Validation

3. Data Protection

Compliance Requirements

SOC 2 Type II

GDPR (EU Data Protection)

HIPAA (Healthcare)

Secure Coding Checklist

Code Review Security Patterns

Examples

Example 1: OAuth2 Implementation Review

HIGH: Missing Scope Validation

MEDIUM: Missing Audit Logs for Failed Auth

LOW: Refresh Token Rotation Not Implemented

Compliance Impact

Recommendations

Verdict

Verdict

Security Review & Threat Modeling

Description

When to Use

When NOT to Use

Entry Points

Trigger Phrases

Context Patterns

Core Knowledge

STRIDE Threat Modeling

Risk Rating System

Common Vulnerability Patterns

1. Authentication/Authorization

2. Input Validation

3. Data Protection

Compliance Requirements

SOC 2 Type II

GDPR (EU Data Protection)

HIPAA (Healthcare)

Secure Coding Checklist

Code Review Security Patterns

Examples

Example 1: OAuth2 Implementation Review

HIGH: Missing Scope Validation

MEDIUM: Missing Audit Logs for Failed Auth

LOW: Refresh Token Rotation Not Implemented

Compliance Impact

Recommendations

Verdict

Verdict