This is a comprehensive application security skill built around the OWASP Top 10 2025 and secure SDLC practices. It starts with a strict anti-hallucination protocol that forces verification of security APIs before implementation, which is smart given how costly security mistakes are. The skill pushes a test-driven approach in which security tests are written first, then implements controls using tools like Semgrep for SAST, OWASP ZAP for DAST, and proper cryptographic primitives such as Argon2. It covers threat modeling with STRIDE, authentication patterns, and DevSecOps automation. Use this when you need to implement security controls, conduct security assessments, or integrate security testing into CI/CD pipelines. The emphasis on verification and citing sources makes it more reliable than generic security advice.
npx skills add https://github.com/martinholovsky/claude-skills-generator --skill appsec-expert