Summary
Create the owasp-top-10 skill under .github/skills/security/owasp-top-10/ providing detection checklists, severity guidance, and remediation patterns for the OWASP Top 10 2021 web application vulnerabilities.
This skill is consumed by the security-reviewer agent (not user-invocable). Content is adapted from JasonTheDeveloper's owasp-skills web-vulnerabilities skill with hve-core naming and conventions applied.
Content Source
Adapted from JasonTheDeveloper's owasp-skills web-vulnerabilities/ skill. Naming convention changed from web-vulnerabilities to owasp-top-10 per Discussion #480 terminology alignment.
File Structure
.github/skills/security/owasp-top-10/
├── SKILL.md
└── references/
    ├── 00-vulnerability-index.md
    ├── 01-broken-access-control.md
    ├── 02-cryptographic-failures.md
    ├── 03-injection.md
    ├── 04-insecure-design.md
    ├── 05-security-misconfiguration.md
    ├── 06-vulnerable-outdated-components.md
    ├── 07-identification-authentication-failures.md
    ├── 08-software-data-integrity-failures.md
    ├── 09-security-logging-monitoring-failures.md
    └── 10-server-side-request-forgery.md
Dependencies
Depends on collection rename (#792) for directory path .github/skills/security/.
Acceptance Criteria
- .github/skills/security/owasp-top-10/SKILL.md exists with valid frontmatter
- name: owasp-top-10 matches directory name
- description ends with - Brought to you by microsoft/hve-core
- user-invocable: false
- metadata.content_based_on references OWASP Top 10 source URL
- references/ directory contains 11 files:
  - 00-vulnerability-index.md — summary table with all 10 vulnerabilities
  - 01-broken-access-control.md
  - 02-cryptographic-failures.md
  - 03-injection.md
  - 04-insecure-design.md
  - 05-security-misconfiguration.md
  - 06-vulnerable-outdated-components.md
  - 07-identification-authentication-failures.md
  - 08-software-data-integrity-failures.md
  - 09-security-logging-monitoring-failures.md
  - 10-server-side-request-forgery.md
- SKILL.md body references the vulnerability index and instructs the agent on how to traverse references
- npm run validate:skills passes for this skill