Check compliance with OWASP Top 10 security risks and best practices. Use when performing comprehensive security audits. Trigger with 'check OWASP compliance', 'audit web security', or 'validate OWASP'.
Rating: 4.6
Installs: 0
Category: Security
The skill provides a clear description and structure for OWASP compliance checking with good organizational clarity. However, it suffers from significant gaps in task knowledge: no actual scanning scripts, tools, or implementation details are provided. The skill references an 'owasp-compliance-checker plugin' that doesn't exist in the directory, and while the instructions mention systematic execution, there are no concrete commands, tool invocations, or code to perform the actual security scanning. The novelty is limited as most OWASP scanning tools are readily available CLI utilities (OWASP ZAP, dependency-check, etc.) that an agent could invoke directly. The skill would benefit from actual scanning scripts, tool configurations, pattern matching rules for vulnerability detection, or at minimum specific bash commands that leverage existing security tools to deliver on its promise of automated OWASP compliance checking.