AI Security · Codex Skill

secure-code-skill-cascade

A cascaded, editable security skill system for AI coding agents: one concise root skill, focused modules, scenario tests, portable prompts, and vulnerable patch demos.

Repository Source bundle Launch article

What it includes

A real Codex `secure-code` skill with progressive disclosure.
Ten editable modules for OWASP, ASVS, CWE, auth, input, data, dependencies, cloud, AI-agent security, and verification.
Portable Markdown for Claude Code, Cursor, or other agents.
Scenario composer, validation script, tests, and before/after vulnerable patch demos.

Why Mirogate built it

Security prompts become hard to audit when every rule is copied into one giant instruction block. This project keeps the always-on root small, then loads focused modules only when the task needs them.

Mermaid-rendered diagram showing a user task flowing into the secure-code root skill, then conditional OWASP, ASVS, CWE, auth, input, data, dependency, cloud, and AI-agent security modules, ending in patch, test, and residual risk output. — The same cascade shown in the GitHub README, rendered as a PNG for the website.

npm test
node scripts/compose.mjs --scenario web-api-auth

This is not a scanner, certification, or affiliation with OWASP, MITRE, Claude, Cursor, or OpenAI. It is a practical secure-coding skill architecture for AI-assisted engineering.