This skill analyzes security through proper frameworks instead of hand-waving about "making things secure." It applies the CIA triad, STRIDE, and MITRE ATT&CK to whatever you're looking at, whether that's incident response, threat modeling a new feature, or reviewing architecture decisions. The skill documentation is thorough on theory (defense in depth, zero trust, assume breach) and covers the actual use cases: vulnerability assessments, compliance checks, code reviews, risk quantification. It's opinionated about security fundamentals in a good way. Useful when you need structured security thinking rather than vibes-based "is this secure?" questions, and it knows the difference between confidentiality, integrity, and availability issues.
npx skills add https://github.com/rysweet/amplihack --skill cybersecurity-analyst