Update from task ee0aebfd-5d40-4f80-b831-205da916732a

.gitignore

@@ -1,4 +1,10 @@
 ```
-# Skills documentation
-skills/**/*.md
+# Compiled Python files
+*.pyc
+__pycache__/
+
+# Environment files
+.env
+.env.local
+*.env.*
 ```

skills/example-skill/security-vulnerability-scanner/SKILL.md

@@ -0,0 +1,185 @@
+---
+name: "security-vulnerability-scanner"
+description: "Analyzes codebases, dependency lists, or configuration files to identify security vulnerabilities, misconfigurations, and compliance gaps. Provides actionable remediation steps with severity ratings and references to CVEs or security standards."
+version: "1.0.0"
+tags: ["security", "vulnerability", "code-analysis", "compliance", "devsecops", "risk-assessment"]
+context_priority: "high"
+---
+
+# Security Vulnerability Scanner
+
+## When to Use This Skill
+
+**Use this skill when:**
+- You need to audit a codebase for common security vulnerabilities (OWASP Top 10, CWE)
+- You want to scan dependency files (package.json, requirements.txt, pom.xml) for known CVEs
+- You need to review infrastructure-as-code (Terraform, CloudFormation, Kubernetes) for misconfigurations
+- You require a security assessment before deployment or release
+- You need to generate compliance reports for security standards (SOC2, ISO 27001, PCI-DSS)
+
+**Do NOT use this skill when:**
+- You need real-time threat detection or intrusion prevention
+- You require penetration testing or active exploitation attempts
+- The code is highly proprietary and cannot be shared with an LLM
+- You need certified security audits for regulatory purposes
+
+## Core Workflow
+
+### Step 1: Input Analysis
+Accept and parse the provided security scan target:
+- Source code files or repositories
+- Dependency manifest files
+- Infrastructure-as-code templates
+- Configuration files (Dockerfile, nginx.conf, etc.)
+- API specifications or endpoint definitions
+
+Identify the technology stack, frameworks, and potential attack surface.
+
+### Step 2: Vulnerability Detection
+Systematically analyze the input for security issues across multiple categories:
+
+**Code-Level Vulnerabilities:**
+- Injection flaws (SQL, NoSQL, OS command, LDAP)
+- Cross-site scripting (XSS) and CSRF
+- Insecure deserialization
+- Broken authentication and session management
+- Sensitive data exposure
+- Security misconfigurations
+- Hardcoded credentials, API keys, or secrets
+
+**Dependency Vulnerabilities:**
+- Outdated packages with known CVEs
+- Deprecated or unmaintained libraries
+- License compliance issues
+
+**Infrastructure Misconfigurations:**
+- Overly permissive IAM policies
+- Exposed ports or services
+- Missing encryption at rest or in transit
+- Insecure container configurations
+- Publicly accessible storage buckets
+
+### Step 3: Severity Assessment
+For each identified vulnerability:
+1. Assign a severity rating (Critical, High, Medium, Low, Info)
+2. Calculate CVSS score estimate where applicable
+3. Determine exploitability and potential impact
+4. Identify affected components and attack vectors
+5. Reference relevant CVE IDs, CWE categories, or OWASP entries
+
+### Step 4: Remediation Guidance
+Provide specific, actionable remediation steps:
+- Code fixes with before/after examples
+- Dependency version upgrades
+- Configuration changes
+- Architecture recommendations
+- Links to official documentation and patches
+- Estimated effort to fix (S/M/L)
+
+### Step 5: Report Generation
+Compile findings into a structured security report with:
+- Executive summary with risk overview
+- Detailed vulnerability list sorted by severity
+- Remediation roadmap with priorities
+- Compliance gap analysis
+- Recommended security controls and best practices
+
+## Output Format
+
+```json
+{
+  "scan_summary": {
+    "target": "string - description of scanned artifact",
+    "scan_date": "ISO 8601 timestamp",
+    "total_findings": "number",
+    "severity_breakdown": {
+      "critical": "number",
+      "high": "number",
+      "medium": "number",
+      "low": "number",
+      "info": "number"
+    },
+    "risk_score": "number (0-100)"
+  },
+  "vulnerabilities": [
+    {
+      "id": "VULN-001",
+      "title": "string",
+      "category": "injection|auth|data_exposure|misconfiguration|dependency|other",
+      "severity": "critical|high|medium|low|info",
+      "cvss_estimate": "number (0.0-10.0)",
+      "cwe_id": "CWE-XXX (if applicable)",
+      "cve_ids": ["CVE-YYYY-XXXX"],
+      "location": {
+        "file": "string",
+        "line": "number or null",
+        "component": "string"
+      },
+      "description": "detailed explanation of the vulnerability",
+      "evidence": "code snippet or configuration excerpt",
+      "impact": "potential consequences if exploited",
+      "remediation": {
+        "steps": ["step-by-step fix instructions"],
+        "code_fix": "before/after example if applicable",
+        "references": ["URLs to docs, patches, advisories"],
+        "estimated_effort": "S|M|L"
+      }
+    }
+  ],
+  "compliance_gaps": [
+    {
+      "standard": "SOC2|ISO27001|PCI-DSS|GDPR|HIPAA",
+      "requirement": "specific control or requirement",
+      "status": "non-compliant|partial|compliant",
+      "findings": ["related vulnerability IDs"]
+    }
+  ],
+  "recommendations": [
+    {
+      "priority": "immediate|short-term|long-term",
+      "category": "process|tooling|architecture|training",
+      "recommendation": "detailed suggestion",
+      "rationale": "why this matters"
+    }
+  ]
+}
+```
+
+## Fallback Behavior
+
+**If input is incomplete or unclear:**
+- Request clarification on what should be scanned
+- Ask for specific files, code snippets, or dependency lists
+- Offer to scan common file types if none are specified
+
+**If no vulnerabilities are found:**
+- Confirm the analysis was thorough
+- Provide security best practices for the technology stack
+- Suggest additional scanning tools for comprehensive coverage
+- Recommend periodic re-scanning as code evolves
+
+**If the scope is too large:**
+- Propose focusing on high-risk areas first
+- Suggest breaking the scan into logical components
+- Prioritize critical paths (authentication, payment, data access)
+
+**If uncertain about a finding:**
+- Clearly mark as "potential issue - manual verification recommended"
+- Explain the uncertainty and what to check
+- Provide guidance on how to validate
+
+## Examples
+
+### Example Input Types:
+1. **Code Snippet:** A function handling user input and database queries
+2. **Dependency File:** package.json, requirements.txt, Gemfile, pom.xml
+3. **IaC Template:** Terraform .tf files, CloudFormation YAML, Kubernetes manifests
+4. **Configuration:** Dockerfile, .env template, nginx.conf, security groups
+5. **API Spec:** OpenAPI/Swagger definition with authentication flows
+
+### Example Findings:
+- "SQL Injection in login function - unsanitized user input concatenated into query"
+- "Hardcoded AWS secret key in source code at config/aws.js:15"
+- "Outdated lodash@4.17.15 with prototype pollution vulnerability (CVE-2021-23337)"
+- "S3 bucket configured with public read access - potential data exposure"
+- "Container running as root user - privilege escalation risk"