Summary
Create the owasp-infrastructure skill under owasp-infrastructure providing detection checklists, severity guidance, and remediation patterns for the OWASP Infrastructure Security Top 10 (2024) vulnerabilities.
This skill is consumed by the security-reviewer agent (not user-invocable). Content is adapted from JasonTheDeveloper's owasp-skills infrastructure-vulnerabilities skill with hve-core naming and conventions applied.
Acceptance Criteria
- SKILL.md exists with valid frontmatter
  - `name: owasp-infrastructure` matches directory name
  - `description` ends with `- Brought to you by microsoft/hve-core`
  - `user-invocable: false`
  - `metadata.content_based_on` references OWASP Infrastructure Top 10 source URL
- `references/` directory contains 11 files:
  - 01-outdated-software.md
  - 02-insufficient-threat-detection.md
  - 03-insecure-configurations.md
  - 04-insecure-resource-user-management.md
  - 05-insecure-use-of-cryptography.md
  - 06-insecure-network-access-management.md
  - 07-insecure-authentication-default-credentials.md
  - 08-information-leakage.md
  - 09-insecure-access-resources-management-components.md
  - 10-insufficient-asset-management-documentation.md
- Each reference file follows the 7-section pattern: Description → Risk → Vulnerability Checklist → Prevention Controls → Example Attacks → Detection Guidance → Remediation
- SKILL.md body references the vulnerability index and instructs the agent on how to traverse references
- `npm run validate:skills` passes for this skill
Content Source
Adapted from JasonTheDeveloper's owasp-skills infrastructure-vulnerabilities/ skill. Naming convention changed from infrastructure-vulnerabilities to owasp-infrastructure per Discussion #480 terminology alignment.
File Structure
.github/skills/security/owasp-infrastructure/
├── SKILL.md
└── references/
    ├── 00-vulnerability-index.md
    ├── 01-outdated-software.md
    ├── 02-insufficient-threat-detection.md
    ├── 03-insecure-configurations.md
    ├── 04-insecure-resource-user-management.md
    ├── 05-insecure-use-of-cryptography.md
    ├── 06-insecure-network-access-management.md
    ├── 07-insecure-authentication-default-credentials.md
    ├── 08-information-leakage.md
    ├── 09-insecure-access-resources-management-components.md
    └── 10-insufficient-asset-management-documentation.md