Security Engineering
Software development skill, available on Zeplik
Security Engineering is a ready-to-run software development skill on Zeplik. Not for secret storage/rotation (use secrets-management). Ask in plain language and Zeplik applies the skill's method for you inside the conversation, on whichever AI model you prefer.
The Security Engineering skill loads automatically when your request matches it, or you can invoke it directly by typing /security-engineering in any chat. It works with attachments, connectors, and any model that supports the task, so you get the same expert method every time without setting anything up.
What the Security Engineering skill can do
- Build STRIDE threat models mapping threats to system components
- Construct attack trees revealing attacker paths and defense gaps
- Turn identified threats into concrete security requirements
- Configure SAST tooling like Semgrep, CodeQL, and CI vuln scanning
Try these prompts on Zeplik
Pick a prompt to open it in the Zeplik app. If you are not signed in yet, your prompt is waiting for you the moment you do.
How the Security Engineering skill works
/security-engineering
Umbrella skill for application security and offensive-analysis engineering: threat modeling (STRIDE, attack trees), deriving security requirements, mapping threats to mitigations, configuring SAST and vulnerability scanning in CI, and reverse engineering (binary analysis, memory forensics, protocol dissection, anti-reversing awareness). The user describes their system, pastes a design or finding, or names the artifact under analysis; deliver a concrete model, configuration, or analysis plan in the chat. For storing, rotating, or injecting secrets, use secrets-management instead.
Dispatch table
Pick the reference file(s) that match the request, read them, then answer. Read at most 2-3 files per turn.
| Topic | Read |
|---|---|
| STRIDE threat modeling of a system or feature | references/stride-analysis-patterns.md (+ --details.md) |
| Attack trees: modeling attacker paths, defense gaps | references/attack-tree-construction.md (+ --details.md) |
| Turning threats into requirements, security user stories | references/security-requirement-extraction.md (+ --details.md) |
| Mapping threats/findings to controls, remediation priority | references/threat-mitigation-mapping.md (+ --details.md) |
| SAST tooling: Semgrep/CodeQL/SonarQube config, CI wiring | references/sast-configuration.md |
| Binary analysis: disassembly, decompilation, control flow | references/binary-analysis-patterns.md (+ --details.md) |
| Memory forensics: acquisition, Volatility workflows | references/memory-forensics.md (+ --details.md) |
| Network protocol reverse engineering, packet dissection | references/protocol-reverse-engineering.md |
| Anti-reversing and obfuscation awareness (analysis only) | references/anti-reversing-techniques.md (+ --details.md, --advanced-techniques.md) |
How to work
- Identify the task class: threat model, requirements, mitigation mapping, scanner configuration, or analysis of an artifact the user describes. Ask one clarifying question only if the system boundary or artifact is genuinely ambiguous.
- Read the matching reference file(s) from the table above before answering. Read at most 2-3 files per turn.
- Deliver the concrete artifact -- a threat model table, an attack tree, a requirements list, a scanner config -- in the chat, with a short rationale. If source material is needed (design doc, finding list, code), ask the user to paste or upload it.
- Scope discipline: analysis and defense only. Explain what a technique does and how to detect or mitigate it; do not produce working exploit code or evasion tooling.
Usage
/security-engineering $ARGUMENTS
How to use the Security Engineering skill
Sign in to Zeplik
Create a free Zeplik account or sign in. New accounts start with free credits, so you can try the Security Engineering skill right away.
Describe your software development task
Ask in plain language, or type /security-engineering to invoke the skill directly. Zeplik recognizes the Security Engineering skill and applies its method.
Review and refine the result
Zeplik returns a clear, structured answer. Ask follow-ups in the same chat to refine it or take the next step.
Source and credit
- Author
- anthropic
- License
- MIT
Adapted from the open-source wshobson/agents project and tuned to run natively on Zeplik. View source on GitHub.
Frequently asked questions
- What is the Security Engineering skill?
- Security Engineering is a ready-to-run software development skill on Zeplik. Not for secret storage/rotation (use secrets-management). Ask in plain language and Zeplik applies the skill's method for you inside the conversation, on whichever AI model you prefer.
- How do I use Security Engineering on Zeplik?
- Sign in to Zeplik and ask in plain language, or type /security-engineering in any chat to invoke it directly. The skill applies its method and returns a result you can refine in the same conversation.
- Which AI model does the Security Engineering skill use?
- Any model you choose. Zeplik works across every model in one chat, so the Security Engineering skill runs on your preferred model for the task.
- Where does the Security Engineering skill come from?
- The Security Engineering skill is adapted from the open-source wshobson/agents project (MIT) and tuned to run natively on Zeplik. The original source is linked on this page.
- How much does the Security Engineering skill cost?
- Using the skill is free to start. You only spend Zeplik credits when the assistant runs, and new accounts begin with free credits.
Related software development skills
- .NET BackendBuild ASP.NET Core 8+ backends with EF Core: auth, background jobs, production API patterns
- Advanced Git WorkflowsUse for advanced Git surgery: interactive rebase, cherry-pick, bisect, reflog recovery, and history cleanup before merging. Not for parallel worktree workflows (use using-git-worktrees).
- Adversarial Code ReviewHunt for bugs in code the user shares by assuming defects exist and attacking the code through several distinct lenses, then report severity-ranked findings with evidence. Use for "review this", "what could go wrong", "bug hunt", or pre-merge scrutiny of a change. Read-only, it reports problems and does not rewrite the code. Not for style cleanup (use simplify-code) or for writing new code.
- AI Agent FrameworksUse when building multi-agent systems or agent orchestration -- LangChain/LangGraph, agent team design, task coordination, pipelines. Not for authoring a Zeplik skill (use skill-creator).
- Algolia SearchAdd Algolia search: indexing strategies, React InstantSearch, relevance tuning, search-as-you-type
- Android CI/CDAutomate Android CI/CD to Google Play: keystore, GitHub Secrets, multi-stage release workflow for RN, Flutter, native
More on Zeplik
Try Security Engineering on Zeplik
Every model, one chat. Bring the Security Engineering skill into your next conversation and let the assistant do the work.