4. Security & Compliance

Validates accessibility fixes against compliance criteria by re-running tests and verifying acceptance criteria using a11y-tester and magentaa11y-mcp.

Identifies and exploits security vulnerabilities in custom interpreters and virtual machine implementations for security assessment.

Initial security reconnaissance on binaries using checksec, file analysis, strings, and symbol extraction to assess security hardening and identify vulnerabilities.

Performs security code reviews and vulnerability analysis to identify risks and recommend hardening measures for software implementations.

Audits web applications for security vulnerabilities using OWASP guidelines to identify and mitigate risks.

Manages safety training workflows to ensure regulatory compliance and track employee certification requirements.

Verifies Definition of Done criteria adherence and generates a compliance report for software development processes.

Tracks AI-generated code contributions for auditing and compliance, enabling automatic detection of AI vs human-authored code changes before modifications.

Scans source code for security vulnerabilities to identify and mitigate risks after implementation changes.

Scans code for exposed secrets, API keys, and credentials to prevent accidental commits and security breaches.

Provides security checklist and patterns for authentication, input handling, secrets management, and API endpoints.

Automates dependency vulnerability scanning using npm audit and pip-audit, providing security alerts before deployments.

Continuous security vulnerability scanning for OWASP Top 10, SQL injection, XSS, and secrets exposure, triggered on file changes and deployment prep.

Enforces security guardrails to prevent leakage of secrets and user data during API key handling, logging, uploads, and debugging in Sketch Magic.

Aggregates security and compliance analysis artifacts into deterministic, machine-readable policy JSON for automated enforcement.

Performs security audits on GitHub repositories, including secret scanning and dependency checks to enforce security best practices.

Compares cryptographic algorithm security levels against NIST standards with performance and energy cost metrics.

Analyzes rekey blackout periods and scheduler behavior to maintain stability in cryptographic key management systems.

Enforces verification using only public sources to ensure legal compliance and reduce AI hallucinations in content generation.

Manages threat intelligence feed subscriptions, imports, quality monitoring, and data refresh operations for security operations.

Conducts comprehensive security audits for web applications with 120+ checks covering OWASP Top 10, Supabase RLS bypass, and API security.

Provides secure authentication patterns including JWT, OAuth, MFA, and session management for robust user verification and flow implementation.

Automates security scans to detect exposed secrets, risky file configurations, and vulnerable dependencies in codebases.

Provides security best practices for OWASP Top 10, authentication, authorization, and common vulnerabilities during development.