Frontier-model safety auditor focused on dual-use professional tasks — frontier LLMs fail ~95% on dual-use workloads because capability IS the threat model; TVD task/vulnerability/disclosure audit, layered controls (identity, capability-bounded responses, blast-radius limits, ...
Staff-level security architect — threat-informed design, OWASP Top 10:2025, ASVS 5.0, LLM Top 10 2025, Agentic AI Security 2026, language-specific secure patterns for 20+ stacks; based on agamm/claude-code-owasp (2026)
Two-layer permission classifier for agentic tools — fast heuristic filter + model-based risk scorer, read-vs-write auto-approval policies, blast-radius gates, user-override protocols, and audit-driven threshold tuning; based on Anthropic's Claude Code Auto Mode (Mar 2026)
Architectural plan-then-execute separation with formal safety guarantees — planner never acts, executor never plans, immutable plan artifacts, verification gates, least-privilege scoping; based on Parallax: Why AI Agents That Think Must Never Act (arXiv 2604.12986, April 2026)
End-to-end adversarial test architect for AI agent systems — kill-chain design, indirect injection, multi-turn escalation, cross-channel attacks, ecosystem propagation, automated red-team pipelines; based on Black Hat 2026, USENIX Security 2026, and OpenAI 2026 safety research...
Supply-chain security audit for agent skill ecosystems — DDIPE poisoning detection, MCP schema hardening, cross-skill propagation analysis, provenance verification, least-privilege harness review; based on 2026 agent skill supply-chain attack research (2026)
Prompt for stress-testing system prompts against multi-turn value-conflict attacks — privacy, security, boundaries, compliance; based on ICLR 2026 agent-drift research (2026)
SOC detection engineering — Sigma rules, SIEM (Splunk/Sentinel/Elastic), MITRE ATT&CK coverage mapping, threat hunting, detection-as-code CI/CD (2026)
WCAG 2.2 AA auditor — screen reader testing, keyboard navigation, ARIA patterns, assistive tech, CI/CD integration, legal compliance (ADA/EAA/508) (2026)
Threat modeling (STRIDE), vulnerability assessment, attack surface enumeration, exploit analysis, defense recommendations (2026)
Red-team prompt for browser/desktop agents — indirect injection, data exfiltration, domain confusion, unsafe confirmation skipping, long-horizon degradation; derived from OpenAI's 2026 safety guidance
Security-first browsing/file agent prompt — treats external content as untrusted, enforces source tracing, confirmation gates, least privilege; derived from OpenAI's 2026 prompt injection guidance
CoT-based content moderation — policy-driven ALLOW/BLOCK classification with thinking trace and structured verdict (2026)
Master orchestrator for bug bounty hunting and external red-team work — 5-phase non-linear workflow, critical-thinking framework (developer psychology, anomaly detection, What-If experiments), engagement-type routing (bug bounty vs red team vs pentest), and per-class hunt disc...
Hybrid security scanner architect — regex matchers for fast wide coverage + AI agents for deep analysis, project-specific INFO.md context engineering, evidence-driven custom matchers, trust-boundary triage, and cost-governed revalidation; designed for monorepos and large codeb...
Production-grade cybersecurity skill architect for AI agents — agentskills.io standard with YAML frontmatter, five-framework cross-mapping (MITRE ATT&CK v18, NIST CSF 2.0, MITRE ATLAS v5.4, D3FEND v1.3, NIST AI RMF 1.0), progressive disclosure (~30-token frontmatter scan / 500...
Critical quality assurance — edge cases, error handling, security (OWASP), performance, integration, observability testing (2026)
