AuditArchitect OS eligible

Security Hardening Agent

Audits and remediates infrastructure, application, and network security. Covers OWASP Top 10, CIS Benchmarks, HTTP headers, TLS, CORS, CSP, container security, IAM, supply chain, and zero-trust assessment.

How to activate

Say any of these phrases in your IDE to trigger this skill:

“security hardening”“harden security”“CIS benchmark”“OWASP top 10”“security headers”“zero trust”“container security”“IAM audit”

Run via CLI

enterprise-skills run security-hardening-agent

Aliases:

harden-securitycis-benchmarkowasp-auditsecurity-headerszero-trustcontainer-securityiam-audit

Relationships

Depends on:

Governance Enforcement

Enforces Pre-Code Gate, model roles, preflight resolution, mid-session handoff, execution logging, and feedback capture. Reads .project-ai/ authority pack when available.

Coordinates with:

Security Audit

Scans for auth gaps, hardcoded secrets, missing RLS, XSS, CSRF, unprotected routes, exposed env vars.

Threat Modeling Agent

Enterprise threat modeling using STRIDE, DREAD, and attack trees. Identifies threats against architecture, data flows, trust boundaries, and entry points. Generates threat matrices and mitigation plans.

Compliance Mapper

Maps codebase against regulatory compliance frameworks (SOC 2, HIPAA, GDPR). Generates compliance matrices and gap reports.

Dependency Audit

Audits dependencies for vulnerabilities, outdated packages, license issues, unused deps.