AI Agent Skills

A collection of reusable AI agent skills for code review, security analysis, and compliance validation

A curated collection of AI agent skills focused on security analysis, compliance validation, and software development best practices.

📦 Available Skills

🔒 security-compliance-review

AI-powered SAST and compliance analysis for Pull Request diffs. Detects vulnerabilities and regulatory compliance issues across any programming language.

Features:

  • 🔍 Advanced SAST Analysis (OWASP Top 10)
  • 📋 Compliance Checks (GDPR, HIPAA, SOC2, PCI-DSS)
  • 🎯 Diff-Only Analysis
  • 💥 Exploitability Assessment
  • 🏷️ CWE Mapping
  • 📊 Risk Scoring (0-10 scale)

Installation:

npx skills add https://github.com/cess15/skills --skill security-compliance-review

📖 Full Documentation


🚀 Quick Start

Install a Skill

# Install specific skill
npx skills add https://github.com/cess15/skills --skill security-compliance-review

# Or clone and install locally
git clone https://github.com/cess15/skills.git
cd skills
npx skills add . --skill security-compliance-review

Use the Skill

Once installed, simply provide a PR diff to your AI agent:

Review this PR for security and compliance issues:
[paste your git diff here]

The agent will automatically use the skill to perform comprehensive security analysis.
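To make concrete what the feature list above means by "Diff-Only Analysis", "CWE Mapping" and "Risk Scoring", here is a small deterministic sketch in Python. It is an added example written for this README, not the skill's own code: the real skill is an AI-driven review, whereas this script only shows the mechanics of restricting a SAST pass to the lines a PR adds, tagging each hit with a CWE id and a 0-10 score. The three regex rules, their CWE ids and scores, and the sample diff are all constructed for the demonstration.

```python
"""Diff-only SAST sketch: inspect only the lines a unified diff adds.

Added example, not the security-compliance-review skill's own code.
The rule set, CWE mapping and scores are illustrative assumptions.
"""
import re
from dataclasses import dataclass

# Each rule: (name, compiled pattern, CWE id, base score on the 0-10 scale).
# Patterns and scores are hypothetical choices for this demo.
RULES = [
    ("hardcoded-secret",
     re.compile(r"""(?i)(password|secret|api_key|token)\s*=\s*["'][^"']{6,}["']"""),
     "CWE-798", 7.5),
    ("sql-string-build",
     re.compile(r"""(?i)(execute|cursor\.execute)\(\s*(f["']|["'].*["']\s*[%+])"""),
     "CWE-89", 9.0),
    ("shell-true",
     re.compile(r"subprocess\.\w+\(.*shell\s*=\s*True"),
     "CWE-78", 8.0),
]

# Hunk header: capture the starting line number on the new-file side.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass
class Finding:
    rule: str
    cwe: str
    score: float
    path: str
    line: int
    text: str


def added_lines(diff_text):
    """Yield (path, new_line_number, content) for every '+' line in a diff.

    Context and removed lines are skipped, so pre-existing code is never
    reported: that is what "diff-only analysis" means here.
    """
    path = None
    new_no = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
            continue
        if raw.startswith("--- "):
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_no = int(m.group(1))
            continue
        if raw.startswith("+"):
            yield path, new_no, raw[1:]
            new_no += 1
        elif raw.startswith("-"):
            continue  # removed line: it does not exist in the new file
        else:
            new_no += 1  # context line advances the new-file counter


def scan_diff(diff_text):
    """Run every rule over the added lines; highest score first."""
    findings = []
    for path, line_no, text in added_lines(diff_text):
        for name, pattern, cwe, score in RULES:
            if pattern.search(text):
                findings.append(Finding(name, cwe, score, path, line_no, text.strip()))
    return sorted(findings, key=lambda f: -f.score)


# Constructed sample diff (not from any real project).
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,5 @@ def get_user(conn, name):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
+    API_KEY = "sk-example-000000"
+    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
+    cur.execute(f"SELECT * FROM audit WHERE who = '{name}'")
     return cur.fetchone()
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"[{f.score:>4}] {f.cwe} {f.rule} {f.path}:{f.line}  {f.text}")
```

Note that the removed parameterised `cur.execute(..., (name,))` line is never examined, while the two string-built queries and the hardcoded key on the added lines are reported with their new-file line numbers, which is the behaviour a PR reviewer wants from a diff-scoped tool.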


📁 Repository Structure

skills/
├── README.md                          # This file
├── LICENSE                            # MIT License
├── .gitignore                         # Git ignore rules
├── skills/                            # Skills directory
│   └── security-compliance-review/    # Individual skill
│       ├── README.md                  # Skill documentation
│       ├── SKILL.md                   # Skill definition
│       └── examples/                  # Usage examples
├── spec/                              # Specifications
│   └── agent-skills-spec.md           # Skills specification
└── template/                          # Skill template
    └── SKILL.md                       # Template for new skills

🛠️ Skills Coverage

Security Analysis

  • ✅ SQL Injection
  • ✅ Command Injection
  • ✅ XSS (Cross-Site Scripting)
  • ✅ Authentication/Authorization Issues
  • ✅ Secrets in Code
  • ✅ Insecure Deserialization
  • ✅ Security Misconfiguration
  • ✅ SSRF (Server-Side Request Forgery)
  • ✅ Path Traversal
  • ✅ Weak Cryptography

Compliance Standards

  • GDPR - Personal data processing
  • HIPAA - Protected Health Information
  • SOC2 - Access control & audit logging
  • PCI-DSS - Payment card data security

Supported Languages

Python • JavaScript/TypeScript • Java • Go • Ruby • PHP • C# • Rust • Swift


🎯 Design Philosophy

Precision Over False Positives

Our skills focus on real, exploitable vulnerabilities rather than theoretical issues. We prioritize:

  • Actionable findings with specific remediation steps
  • Exploitability assessment from attacker perspective
  • Minimal noise and false positives
  • Language-agnostic pattern detection

Developer-Friendly

  • Clear, concise output
  • Specific code examples
  • Realistic exploit scenarios
  • Prioritized recommendations

🤝 Contributing

Contributions are welcome! Whether you want to:

  • Add new security patterns
  • Improve detection accuracy
  • Add new compliance standards
  • Create new skills
  • Fix bugs or improve documentation

Please feel free to submit a Pull Request or open an Issue.

Adding a New Skill

  1. Copy the template from template/SKILL.md
  2. Create your skill in skills/your-skill-name/
  3. Add examples and documentation
  4. Test thoroughly
  5. Submit a PR

📄 License

MIT License - see LICENSE file for details.


📞 Support


🙏 Acknowledgments

Built for the Skills.sh AI agent ecosystem.


🔗 Related Projects


Made with ❤️ for secure software development
