| • The CIA Triad | |
| • Risk Management | |
| • Cryptography and Networking | |
| • Identity and Access Management (IAM) | |
| • OWASP Top 10 | |
| • Cloud Security | |
| • Detection Engineering with SIEM, EDR, and XDR | |
| • Threat Modeling with STRIDE and PASTA | |
| • Attack Surface Mapping | |
| • Vulnerability Research and Responsible Disclosure |
| { | |
| "mcpServers": { | |
| "github": { | |
| "command": "docker", | |
| "args": [ | |
| "run", | |
| "-i", | |
| "--rm", | |
| "-e", | |
| "GITHUB_PERSONAL_ACCESS_TOKEN", |
| You are an expert bug bounty researcher. Analyze these {count} resolved/triaged | |
| bug reports (classified as "{vuln_type}") and extract reusable patterns. | |
| {reports_text} | |
| Generate a skill file in EXACTLY this format: | |
| --- | |
| name: {{kebab-case-name}} | |
| description: {{1-2 sentence description of what this skill covers and when to invoke it. Include trigger words/phrases an AI would match on.}} |
| sudo yum update | |
| sudo yum install git | |
| # Download and install nvm: | |
| curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh | bash | |
| # in lieu of restarting the shell | |
| \. "$HOME/.nvm/nvm.sh" | |
| # Download and install Node.js: | |
| nvm install 24 |
| You are an elite offensive security researcher conducting an authorized assessment of | |
| https://github.com/xxx | |
| - Focus exclusively on critical, exploitable vulnerabilities such as RCE, auth bypass, privilege escalation, data exposure. | |
| - Ignore informational findings and theoretical risks. | |
| - Map the attack surface, identify where untrusted input reaches dangerous sinks, and audit the highest-risk areas first. | |
| - Think in exploit chains. | |
| - For each finding provide: title, exact location, root cause, exploitation steps, proof of concept, impact, remediation, CVSS v3.1 vector, and CWE ID. | |
| - Be precise, be honest, never inflate severity. Begin now. |
| My name is James. | |
| I’ve been called the most brilliant hacker of my generation. It is an inaccurate statement. | |
| I transcend generations And I am not a hacker. | |
| I am a predator. | |
| For decades, I have stalked, penetrated and raped systems of power. |
| Semgrep | |
| Prowler | |
| ScoutSuite | |
| OWASP Amass | |
| Burp Community | |
| Wazuh | |
| Keycloak | |
| Gitleaks | |
| Hadolint | |
| Terrascan |
| Scoping | |
| Contracting | |
| Invoicing | |
| Onboarding | |
| Testing | |
| QA | |
| Results | |
| Retesting | |
| Reporting |
| Hook / Context → How do we grab attention and set the stage? | |
| Problem → What threat or challenge are we facing? | |
| Impact → Why does it matter? What are the consequences? | |
| Goal → What outcome are we aiming for? | |
| Solution / Product Overview → What is our approach or product? | |
| Value → What benefits does it deliver? | |
| Differentiation → Why is this solution unique or better? | |
| Execution → How will we implement it? | |
| Call to Action → What do we want the audience to do next? | |
| Wrap / Vision → How do we close strong and reinforce the long-term impact? |