Plugin
tp-security
Principled security review skills — single `security` hub with a `Modes:` directive covering the pre-production security review lifecycle: SAST (static application security testing for injection, auth bypass, SSRF, deserialization, access control), DEPENDENCY-AUDIT (CVE scanning, lockfile drift, typosquatting, supply-chain integrity), SECRETS-DETECTION (API keys, tokens, credentials, private keys via pattern matching and entropy analysis), COMPLIANCE (OWASP ASVS, GDPR, SOC2, PCI-DSS, HIPAA evidence mapping and gap analysis). All four modes spawn `tp-critic` with a mode-specific lens (OWASP / supply-chain / secrets / compliance).