feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills

Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
mukul975
2026-04-06 11:17:31 +02:00
parent e8105a2f4d
commit efca3ec611
754 changed files with 12847 additions and 2832 deletions
@@ -1,18 +1,29 @@
---
name: testing-oauth2-implementation-flaws
description: >
Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization
code interception, redirect URI manipulation, CSRF in OAuth flows, token leakage, scope
escalation, and PKCE bypass. The tester evaluates the authorization server, client
application, and token handling for common misconfigurations that enable account takeover
or unauthorized access. Activates for requests involving OAuth security testing, OIDC
vulnerability assessment, OAuth2 redirect bypass, or authorization code flow testing.
description: 'Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception,
redirect URI manipulation, CSRF in OAuth flows, token leakage, scope escalation, and PKCE bypass. The tester evaluates the
authorization server, client application, and token handling for common misconfigurations that enable account takeover or
unauthorized access. Activates for requests involving OAuth security testing, OIDC vulnerability assessment, OAuth2 redirect
bypass, or authorization code flow testing.
'
domain: cybersecurity
subdomain: api-security
tags: [api-security, oauth2, oidc, authentication, redirect-uri, token-security]
tags:
- api-security
- oauth2
- oidc
- authentication
- redirect-uri
- token-security
version: 1.0.0
author: mahipal
license: Apache-2.0
nist_csf:
- PR.PS-01
- ID.RA-01
- PR.DS-10
- DE.CM-01
---
# Testing OAuth2 Implementation Flaws
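Review bot: The front matter after this change, which the hunk covers from the opening `---` to the closing one, carries `nist_csf` but no `atlas_techniques`, `d3fend_techniques` or `nist_ai_rmf` key, while the commit message says all 754 skills now carry mappings for all five frameworks; either add the missing fields for this skill or narrow the claim. In the `nist_csf` list itself, a skill tagged `oauth2` and `authentication` is mapped to `PR.PS-01`, `ID.RA-01`, `PR.DS-10` and `DE.CM-01` with nothing from the CSF 2.0 PR.AA category (identity management, authentication and access control), which suggests the mapping followed the `api-security` subdomain rather than the skill's content; consider adding the applicable PR.AA subcategory and dropping any ID that cannot be justified for this skill. The rewrite of `description` from a `>` block scalar to a quoted string and of `tags` from a flow list to a block list is serializer churn unrelated to the feature; keeping the original style, or moving the reflow to its own commit, would leave only the `nist_csf:` lines to review in each of the 754 files.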