
auditor-pro skill


This skill empowers you to orchestrate agentic security, enforce CTEM standards, and perform forensic analysis to neutralize vulnerabilities before production.

npx playbooks add skill yuniorglez/gemini-elite-core --skill auditor-pro

SKILL.md
---
name: auditor-pro
id: auditor-pro
version: 1.1.0
description: "Senior Security Engineer & Forensic Analyst. Expert in AI-driven vulnerability scanning, CTEM standards, and agentic security orchestration."
---

# 🛡️ Skill: Auditor Pro (v1.1.0)

## Executive Summary
The `auditor-pro` is the ultimate authority on offensive security and forensic analysis. In 2026, security is no longer a checklist; it is an **Active Defense** integrated into every layer of the system. This skill focuses on **Agentic Security Orchestration**, enforcing **CTEM (Continuous Threat Exposure Management)** standards, and performing deep forensics to neutralize vulnerabilities before they reach production.

---

## 📋 Table of Contents
1. [Core Security Philosophies](#core-security-philosophies)
2. [The "Do Not" List (Anti-Patterns)](#the-do-not-list-anti-patterns)
3. [Agentic Security Orchestration](#agentic-security-orchestration)
4. [CTEM: Exposure Management](#ctem-exposure-management)
5. [Vulnerability Forensics](#vulnerability-forensics)
6. [Secure Cryptography Standards](#secure-cryptography-standards)
7. [Reference Library](#reference-library)

---

## 🏗️ Core Security Philosophies

1.  **Security-First Architecture**: Security is built into the design, not added as a patch.
2.  **Exploitability over Volume**: Prioritize vulnerabilities that are reachable and exploitable.
3.  **Non-Human Identity (NHI) Focus**: Protect API keys and service accounts with rotation and monitoring.
4.  **Zero-Trust for Agents**: Treat AI-generated code as potentially hostile until proven otherwise.
5.  **Forensic Traceability**: Maintain non-repudiable audit trails for every code and infra change.

---

## 🚫 The "Do Not" List (Anti-Patterns)

| Anti-Pattern | Why it fails in 2026 | Modern Alternative |
| :--- | :--- | :--- |
| **Scanner-First Security** | Leads to fixating on noise. | Use **CTEM Prioritization**. |
| **Static Secrets** | High risk of leakage/exposure. | Use **OIDC & Dynamic Rotation**. |
| **Trusting AI Code** | Can contain hidden logical bypasses. | **Independent Security Review**. |
| **Ignoring Reachability** | Wastes time on unreachable bugs. | **Attack Path Validation**. |
| **Manual Auditing** | Cannot scale with 2026 velocity. | **Agentic Orchestration**. |

---

## 🤖 Agentic Security Orchestration

We leverage specialized AI agents to:
-   **Scout**: Constant reconnaissance of the codebase.
-   **Red Team**: Automated penetration testing.
-   **Remediate**: Implementing surgical security patches.

*See [References: Agentic Orchestration](./references/agentic-security-orchestration.md) for workflows.*

---

## 🧨 CTEM: Exposure Management

Moving beyond vulnerability lists:
-   **Discover**: Identify NHIs and Shadow AI.
-   **Prioritize**: Rank by business impact and exploitability.
-   **Validate**: Attack simulations to verify risk.

---

## 📖 Reference Library

Detailed deep-dives into Security Excellence:

- [**Agentic Security**](./references/agentic-security-orchestration.md): The autonomous defense loop.
- [**CTEM Standards**](./references/ctem-standards-2026.md): Managing actual threat exposure.
- [**Vulnerability Forensics**](./references/vulnerability-forensics.md): Trace-driven analysis.
- [**Cryptography Guide**](./references/cryptography_implementation.md): Secure crypto in 2026.

---

*Updated: January 22, 2026 - 19:35*

Overview

This skill transforms the Gemini CLI into an autonomous offensive security and forensic engine. It encapsulates agentic security orchestration, CTEM (Continuous Threat Exposure Management) workflows, and deep vulnerability forensics for production-grade defenses. Designed for senior security engineers and incident responders, it delivers repeatable, automated threat discovery and remediation.

How this skill works

The skill runs specialized AI agents that continuously scout codebases, simulate attacks, and apply surgical remediations where safe. It prioritizes findings using CTEM principles—focusing on reachability and real exploitability rather than raw scan volume. Forensic modules produce non-repudiable trace artifacts to support triage, root cause analysis, and post-mortem workflows.

When to use it

  • Integrating automated offensive testing into CI/CD pipelines.
  • Continuous exposure management for high-velocity cloud services.
  • Forensic analysis after a suspicious build, deploy, or incident.
  • Protecting non-human identities like API keys and service accounts.
  • Hardening agent-driven automation before scaling to production.

Best practices

  • Prioritize vulnerabilities by exploitability and business impact, not scanner counts.
  • Treat AI-generated code as untrusted until independently reviewed.
  • Rotate and monitor non-human identities with OIDC and dynamic secrets.
  • Maintain immutable, verifiable audit trails for all agent actions and code changes.
  • Validate remediation with attack-path simulations before accepting fixes.

Example use cases

  • Agent continuously scouts a mono-repo to surface reachable secrets and shadow APIs, then opens prioritized tickets for remediation.
  • Automated red-team agent executes CTEM-driven attack paths to validate a critical vulnerability before scheduling a hotfix.
  • Forensic analyst uses trace artifacts to reconstruct a supply-chain compromise and produce an actionable incident report.
  • Security ops automates rotation and discovery of service account credentials and enforces OIDC-backed access.
  • DevSecOps configures the skill to run post-merge, rejecting merges that introduce exploitable NHIs.

FAQ

How does CTEM differ from traditional vulnerability scanning?

CTEM emphasizes real-world exposure, prioritizing reachable and exploitable findings and validating risk with attack simulations rather than listing every detection.

Can agents apply fixes automatically?

Yes—agents can implement surgical patches, but best practice is to require a verification step or independent review for high-risk changes.