Skills your agents can run
Plug-and-play capabilities — vetted, versioned, and runnable from any Mighty agent.
Perform language- and framework-specific security best-practice reviews and suggest improvements. Use when the user explicitly requests security best-practices guidance, a security review or report, or secure-by-default coding help. Supports Python, JavaScript/TypeScript, and Go. Do NOT use for general code review, debugging, threat modeling (use security-threat-model), or non-security tasks.
Test authentication and session management controls for bypass and account takeover scenarios.
Okta integration. Manage Users. Use when the user wants to interact with Okta data.
This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.
Use when users ask for Hack The Box machine compromise workflows, covering reconnaissance through foothold and privilege escalation.
Authentication and authorization patterns — JWT, OAuth 2.0, sessions, RBAC/ABAC, password security, MFA, and vulnerability prevention. Use when implementing login flows, protecting routes, managing tokens, or auditing auth security.
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Suite", or similar web application security testing workflows.