Security Engineering

Software development skill, available on Zeplik

Security Engineering is a ready-to-run software development skill on Zeplik. Not for secret storage/rotation (use secrets-management). Ask in plain language and Zeplik applies the skill's method for you inside the conversation, on whichever AI model you prefer.

The Security Engineering skill loads automatically when your request matches it, or you can invoke it directly by typing /security-engineering in any chat. It works with attachments, connectors, and any model that supports the task, so you get the same expert method every time without setting anything up.

What the Security Engineering skill can do

Try these prompts on Zeplik

Pick a prompt to open it in the Zeplik app. If you are not signed in yet, your prompt is waiting for you the moment you do.

How the Security Engineering skill works

/security-engineering

Umbrella skill for application security and offensive-analysis engineering: threat modeling (STRIDE, attack trees), deriving security requirements, mapping threats to mitigations, configuring SAST and vulnerability scanning in CI, and reverse engineering (binary analysis, memory forensics, protocol dissection, anti-reversing awareness). The user describes their system, pastes a design or finding, or names the artifact under analysis; deliver a concrete model, configuration, or analysis plan in the chat. For storing, rotating, or injecting secrets, use secrets-management instead.

Dispatch table

Pick the reference file(s) that match the request, read them, then answer. Read at most 2-3 files per turn.

TopicRead
STRIDE threat modeling of a system or featurereferences/stride-analysis-patterns.md (+ --details.md)
Attack trees: modeling attacker paths, defense gapsreferences/attack-tree-construction.md (+ --details.md)
Turning threats into requirements, security user storiesreferences/security-requirement-extraction.md (+ --details.md)
Mapping threats/findings to controls, remediation priorityreferences/threat-mitigation-mapping.md (+ --details.md)
SAST tooling: Semgrep/CodeQL/SonarQube config, CI wiringreferences/sast-configuration.md
Binary analysis: disassembly, decompilation, control flowreferences/binary-analysis-patterns.md (+ --details.md)
Memory forensics: acquisition, Volatility workflowsreferences/memory-forensics.md (+ --details.md)
Network protocol reverse engineering, packet dissectionreferences/protocol-reverse-engineering.md
Anti-reversing and obfuscation awareness (analysis only)references/anti-reversing-techniques.md (+ --details.md, --advanced-techniques.md)

How to work

  1. Identify the task class: threat model, requirements, mitigation mapping, scanner configuration, or analysis of an artifact the user describes. Ask one clarifying question only if the system boundary or artifact is genuinely ambiguous.
  2. Read the matching reference file(s) from the table above before answering. Read at most 2-3 files per turn.
  3. Deliver the concrete artifact -- a threat model table, an attack tree, a requirements list, a scanner config -- in the chat, with a short rationale. If source material is needed (design doc, finding list, code), ask the user to paste or upload it.
  4. Scope discipline: analysis and defense only. Explain what a technique does and how to detect or mitigate it; do not produce working exploit code or evasion tooling.

Usage

/security-engineering $ARGUMENTS

How to use the Security Engineering skill

  1. Sign in to Zeplik

    Create a free Zeplik account or sign in. New accounts start with free credits, so you can try the Security Engineering skill right away.

  2. Describe your software development task

    Ask in plain language, or type /security-engineering to invoke the skill directly. Zeplik recognizes the Security Engineering skill and applies its method.

  3. Review and refine the result

    Zeplik returns a clear, structured answer. Ask follow-ups in the same chat to refine it or take the next step.

Source and credit

Author
anthropic
License
MIT

Adapted from the open-source wshobson/agents project and tuned to run natively on Zeplik. View source on GitHub.

Frequently asked questions

What is the Security Engineering skill?
Security Engineering is a ready-to-run software development skill on Zeplik. Not for secret storage/rotation (use secrets-management). Ask in plain language and Zeplik applies the skill's method for you inside the conversation, on whichever AI model you prefer.
How do I use Security Engineering on Zeplik?
Sign in to Zeplik and ask in plain language, or type /security-engineering in any chat to invoke it directly. The skill applies its method and returns a result you can refine in the same conversation.
Which AI model does the Security Engineering skill use?
Any model you choose. Zeplik works across every model in one chat, so the Security Engineering skill runs on your preferred model for the task.
Where does the Security Engineering skill come from?
The Security Engineering skill is adapted from the open-source wshobson/agents project (MIT) and tuned to run natively on Zeplik. The original source is linked on this page.
How much does the Security Engineering skill cost?
Using the skill is free to start. You only spend Zeplik credits when the assistant runs, and new accounts begin with free credits.

Related software development skills

More on Zeplik

Try Security Engineering on Zeplik

Every model, one chat. Bring the Security Engineering skill into your next conversation and let the assistant do the work.

Browse all skills
Security Engineering - Software development skill for Zeplik AI | Zeplik Chat