secure-coding-training-skill
Developer security training and assessment for secure coding practices and vulnerability prevention
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/security-compliance/skills/secure-coding-training-skill
Secure Coding Training Skill
Purpose
Deliver and manage developer security training programs to improve secure coding practices, assess developer security knowledge, and track training effectiveness in reducing vulnerabilities.
Capabilities
Training Module Delivery
- Deliver language-specific secure coding modules
- Provide framework-specific security training
- Offer vulnerability-focused lessons (OWASP Top 10)
- Present hands-on coding challenges
- Assign interactive security labs
- Schedule training pathways by role
Knowledge Assessment
- Generate skill assessment quizzes
- Create coding-based security challenges
- Measure comprehension through practical tests
- Track knowledge retention over time
- Compare against industry benchmarks
- Certify competency levels
Gap Identification
- Analyze assessment results for knowledge gaps
- Correlate with actual vulnerability findings
- Identify team-level weaknesses
- Map gaps to training modules
- Prioritize training needs
- Track improvement over time
Training Path Recommendations
- Recommend personalized learning paths
- Suggest role-appropriate modules
- Prioritize based on project needs
- Adapt to technology stack
- Consider compliance requirements
- Update based on threat landscape
Certification Management
- Issue training completion certificates
- Track certification expiration
- Manage recertification requirements
- Generate compliance reports
- Maintain training transcripts
- Support audit requests
Effectiveness Measurement
- Correlate training with vulnerability reduction
- Track secure code review metrics
- Measure time to remediation improvement
- Compare pre/post training assessments
- Generate ROI reports
- Monitor long-term behavior change
Training Modules
By Language
- Java security best practices
- Python secure coding
- JavaScript/Node.js security
- C/C++ memory safety
- Go security patterns
- .NET security guidelines
By Vulnerability Type
- Injection prevention (SQL, XSS, LDAP)
- Authentication/authorization security
- Cryptographic best practices
- Input validation techniques
- Output encoding strategies
- Secure session management
By Framework
- Spring Security
- Django security
- Express.js security
- ASP.NET Core security
- React security patterns
- Angular security best practices
Integrations
- Secure Code Warrior: Interactive secure coding training
- HackEDU: Hands-on security training
- OWASP WebGoat: Deliberately insecure application
- Kontra: Application security training
- Immersive Labs: Cyber skills development
- Security Journey: Secure development training
Target Processes
- Security Awareness Training Program
- Secure SDLC Implementation
- Developer Onboarding
- Compliance Training Requirements
Input Schema
{
  "type": "object",
  "properties": {
    "trainingType": {
      "type": "string",
      "enum": ["assessment", "module-delivery", "certification", "gap-analysis", "path-recommendation"],
      "description": "Type of training activity"
    },
    "targetAudience": {
      "type": "object",
      "properties": {
        "developers": { "type": "array", "items": { "type": "string" } },
        "teams": { "type": "array", "items": { "type": "string" } },
        "roles": { "type": "array", "items": { "type": "string" } }
      }
    },
    "technologies": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Programming languages and frameworks"
    },
    "vulnerabilityFocus": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["injection", "broken-auth", "xss", "insecure-deserialization", "ssrf", "access-control", "crypto", "logging"]
      }
    },
    "complianceRequirements": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["PCI-DSS", "HIPAA", "SOC2", "GDPR", "FedRAMP"]
      }
    },
    "assessmentDifficulty": {
      "type": "string",
      "enum": ["beginner", "intermediate", "advanced", "expert"]
    }
  },
  "required": ["trainingType"]
}
Output Schema
{
  "type": "object",
  "properties": {
    "activityId": {
      "type": "string"
    },
    "trainingType": {
      "type": "string"
    },
    "timestamp": {
      "type": "string",
      "format": "date-time"
    },
    "participantSummary": {
      "type": "object",
      "properties": {
        "totalParticipants": { "type": "integer" },
        "completedTraining": { "type": "integer" },
        "inProgress": { "type": "integer" },
        "notStarted": { "type": "integer" }
      }
    },
    "assessmentResults": {
      "type": "object",
      "properties": {
        "averageScore": { "type": "number" },
        "passingRate": { "type": "number" },
        "topPerformers": { "type": "array" },
        "needsImprovement": { "type": "array" }
      }
    },
    "knowledgeGaps": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "topic": { "type": "string" },
          "gapSeverity": { "type": "string" },
          "affectedDevelopers": { "type": "integer" },
          "recommendedModules": { "type": "array" }
        }
      }
    },
    "trainingPaths": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "developerId": { "type": "string" },
          "recommendedModules": { "type": "array" },
          "estimatedDuration": { "type": "string" },
          "priority": { "type": "string" }
        }
      }
    },
    "certifications": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "developerId": { "type": "string" },
          "certificationName": { "type": "string" },
          "issueDate": { "type": "string" },
          "expirationDate": { "type": "string" }
        }
      }
    },
    "effectivenessMetrics": {
      "type": "object",
      "properties": {
        "vulnerabilityReduction": { "type": "number" },
        "avgRemediationTimeImprovement": { "type": "string" },
        "secureCodeReviewPassRate": { "type": "number" }
      }
    }
  }
}
Usage Example
skill: {
  name: 'secure-coding-training-skill',
  context: {
    trainingType: 'assessment',
    targetAudience: {
      teams: ['backend-team', 'frontend-team']
    },
    technologies: ['Java', 'JavaScript', 'Python'],
    vulnerabilityFocus: ['injection', 'xss', 'broken-auth'],
    assessmentDifficulty: 'intermediate'
  }
}
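An added example (not part of the skill or of the babysitter project): a small JavaScript validator covering only the schema keywords the Input Schema uses, run against the Usage Example context and a constructed invalid one. The names validate, usageContext and badContext are assumptions made for this illustration.

```javascript
// Added example, not the project's code. Handles only the JSON Schema keywords
// the Input Schema uses: type, enum, required, properties, items.
const strings = (allowed) => ({ type: 'array', items: { type: 'string', ...(allowed && { enum: allowed }) } });

// Input Schema from this page, written compactly (descriptions omitted).
const inputSchema = {
  type: 'object',
  required: ['trainingType'],
  properties: {
    trainingType: { type: 'string', enum: ['assessment', 'module-delivery', 'certification', 'gap-analysis', 'path-recommendation'] },
    targetAudience: { type: 'object', properties: { developers: strings(), teams: strings(), roles: strings() } },
    technologies: strings(),
    vulnerabilityFocus: strings(['injection', 'broken-auth', 'xss', 'insecure-deserialization', 'ssrf', 'access-control', 'crypto', 'logging']),
    complianceRequirements: strings(['PCI-DSS', 'HIPAA', 'SOC2', 'GDPR', 'FedRAMP']),
    assessmentDifficulty: { type: 'string', enum: ['beginner', 'intermediate', 'advanced', 'expert'] },
  },
};

const typeOf = (v) => (Array.isArray(v) ? 'array' : v === null ? 'null' : typeof v);
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns "path: problem" strings; an empty array means the value conforms.
function validate(schema, value, path = 'context') {
  if (schema.type && typeOf(value) !== schema.type) {
    return [`${path}: expected ${schema.type}, got ${typeOf(value)}`];
  }
  const errors = [];
  if (schema.enum && !schema.enum.includes(value)) errors.push(`${path}: "${value}" is not an allowed value`);
  for (const key of schema.required || []) {
    if (!has(value, key)) errors.push(`${path}.${key}: required`);
  }
  for (const [key, sub] of Object.entries(schema.properties || {})) {
    if (has(value, key)) errors.push(...validate(sub, value[key], `${path}.${key}`));
  }
  if (schema.items && Array.isArray(value)) {
    value.forEach((item, i) => errors.push(...validate(schema.items, item, `${path}[${i}]`)));
  }
  return errors;
}

// The context from the page's Usage Example.
const usageContext = {
  trainingType: 'assessment',
  targetAudience: { teams: ['backend-team', 'frontend-team'] },
  technologies: ['Java', 'JavaScript', 'Python'],
  vulnerabilityFocus: ['injection', 'xss', 'broken-auth'],
  assessmentDifficulty: 'intermediate',
};
// Constructed invalid input: no trainingType, a wrong type, two values outside the enums.
const badContext = { technologies: 'Java', vulnerabilityFocus: ['injection', 'sqli'], assessmentDifficulty: 'hard' };

console.log(validate(inputSchema, usageContext));
console.log(validate(inputSchema, badContext));
```

The Input Schema does not set additionalProperties to false, so a misspelled key such as vulnerabiltyFocus passes validation unchecked, whatever values it carries.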