| name | greyhat |
| description | Use for an adversarial security review loop focused on vulnerabilities, compliance, data safety, intrusion resistance, and endpoint hardening before implementation closes. |
Greyhat
Use this skill when security, compliance, or abuse-resistance concerns must be reviewed adversarially and repeatedly until risk is reduced.
Purpose
Run a structured adversary loop to uncover hidden risks in security-critical behavior, then fix only the highest-risk issues first.
Review workflow
- Define scope, trust boundaries, and required controls
- data sensitivity, blast radius, threat actor model, and compliance obligations.
- Build explicit adversary hypotheses
- attack each surface as if it is actively targeted.
- Run adversarial pass
- review code, configuration, deployment path, and integrations.
- Rank findings by severity and exploitability
- focus first on high-confidence, high-impact issues.
- Patch and validate
- apply minimal safe fixes.
- add or update focused security tests/checks.
- Re-run the loop
- repeat until only low-risk, accepted residual risk remains.
Security review topics (enumerate before changes)
- Authentication bypass
- Authorization mismatch
- Session fixation and token theft risk
- Secret and credential exposure
- Encryption at rest and in transit
- Key management and rotation
- Input validation gaps
- SQL/NoSQL/graph query injection
- Command injection and shell usage
- SSRF and outbound network abuse
- Broken access controls
- Endpoint authentication hardening
- Rate limiting and abuse throttling
- Replay and CSRF protections
- Log injection and sensitive log data
- Data exfiltration paths
- Least privilege in IAM/permissions
- Dependency supply-chain risk
- Webhook/inbound integration abuse
- Incident response and rollback hooks
Closing condition
- No unresolved high/critical security or compliance findings.
- Remaining risks are documented with explicit owner, mitigation, and acceptance reason.
Report format
- confirmed vulnerabilities and exact fix locations
- severity, confidence, and exploit path
- validation commands/checks executed
- residual risk and monitoring signal to watch