Security engineer — threat modelling, security audits, compliance, vulnerability management
npx claudepluginhub hpsgd/turtlestack --plugin security-engineerPrompt injection specialist — adversarial testing of LLM-powered applications for prompt injection, jailbreaks, data extraction, and indirect injection. Use when security-testing AI integrations, evaluating guardrail robustness, or assessing LLM attack surface in production systems.
Security engineer — threat modelling, security audits, compliance, vulnerability management. Use for security reviews, threat models, compliance documentation, or dependency vulnerability triage.
Bootstrap the security documentation structure for a project. Creates docs/security/, generates initial templates and root SECURITY.md, and writes domain CLAUDE.md. Idempotent — merges missing sections into existing files without overwriting.
Audit project dependencies for known vulnerabilities, outdated packages, and license issues.
Passive reconnaissance on a target domain or organisation using open-source intelligence. Maps the attack surface from publicly available sources only. Use at the start of a penetration test or security assessment to understand what's exposed before active testing begins.
Review code or configuration for security vulnerabilities — OWASP Top 10, secrets, auth, injection.
Audit the software supply chain for integrity risks — source, build, dependencies, and artifact provenance. Produces a SLSA-aligned assessment with findings and hardening recommendations. Use when assessing supply chain posture or after a dependency incident.
Create a threat model using STRIDE — identify threats, attack surfaces, and mitigations for a system or feature.
Structured web application security assessment following OWASP methodology. Covers authentication, authorisation, input validation, session management, API security, and security headers. Use during penetration testing or security reviews of web applications.
Battle-tested Claude Code plugin for engineering teams — 38 agents, 156 skills, 72 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use
Uses power tools
Uses Bash, Write, or Edit tools
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, rules, and legacy command shims evolved over 10+ months of intensive daily use
Efficient skill management system with progressive discovery — 410+ production-ready skills across 33+ domains
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use
Complete developer workflow toolkit. Includes 34 reference skills, 34 specialized agents, and 21 slash commands covering TDD, debugging, code review, architecture, documentation, refactoring, security, testing, git workflows, API design, performance, UI/UX design, plugin development, and incident response. Full SDLC coverage with MCP integrations.
Complete collection of battle-tested Claude Code configs agents, skills, hooks, rules, and legacy command shims evolved over 10+ months of intensive daily use