Skills (sub-skills)
🧠 Lagune's sub-skills are focused, language-agnostic security knowledge modules that load only on demand, never by default. They are not commands. The detect and verify phases reach for them while they run, and you can use one directly any time.
- Overview
- How it Works
Access Control
Makes sure people can only see and do what they are allowed to, so no one can reach another user's data or admin-only actions just by changing a link or an ID.
@.lagune/skills/access-control.mdAPI Endpoint
Checks the doors your app exposes to the outside world, so requests from strangers can't pull private data or trigger actions they shouldn't.
@.lagune/skills/api-endpoint.mdBrowser
Guards what runs in your visitors' browsers, so an attacker can't inject code that steals logins or hijacks what your users see and click.
@.lagune/skills/browser.mdC / C++
Catches low-level memory mistakes that let attackers crash the program or run their own code on your server.
@.lagune/skills/c-cpp.mdContainer
Reviews how your app is packaged and deployed, so a break-in stays contained instead of handing an attacker the whole machine.
@.lagune/skills/container.mdCredential Endpoint
Protects the login, signup, and password-reset flows, so attackers can't guess passwords, take over accounts, or reset someone else's.
@.lagune/skills/credential-endpoint.mdCrypto
Makes sure sensitive data is scrambled properly, so passwords, tokens, and personal info can't be read even if they leak.
@.lagune/skills/crypto.mdCSV
Keeps exported spreadsheets safe, so opening a downloaded file can't quietly run a harmful command on someone's computer.
@.lagune/skills/csv.md.NET
Covers security pitfalls specific to .NET apps that can let an attacker run their own code on your server.
@.lagune/skills/dotnet.mdFederation
Secures “sign in with Google/Microsoft/etc.” so an attacker can't impersonate a user or slip into an account that isn't theirs.
@.lagune/skills/federation.mdGo
Covers security pitfalls specific to Go apps, especially subtle bugs that show up under real traffic.
@.lagune/skills/go.mdHTTP Request
Inspects the data that arrives with each web request, so hidden or malicious input can't bend your app into doing the wrong thing.
@.lagune/skills/http-request.mdInterpreter
Stops user input from being run as commands, so a form field or upload can't make your server execute an attacker's instructions.
@.lagune/skills/interpreter.mdJava
Covers security pitfalls specific to Java apps that can let an attacker run their own code on your server.
@.lagune/skills/java.mdJavaScript
Covers security pitfalls specific to JavaScript and Node apps, from running untrusted code to reading files it shouldn't.
@.lagune/skills/javascript.mdLLM
Protects features built on AI models, so a cleverly worded message can't trick the AI into leaking data or misusing connected tools.
@.lagune/skills/llm.mdNetwork
Checks how your app talks to other services, so it can't be tricked into fetching or trusting something an attacker controls.
@.lagune/skills/network.mdPath
Prevents attackers from wandering your server's files, so they can't read private files or overwrite important ones by manipulating a filename.
@.lagune/skills/path.mdPayment
Secures checkout and billing, so no one can tamper with prices, dodge payment, or replay a charge.
@.lagune/skills/payment.mdPHP
Covers security pitfalls specific to PHP apps that can let an attacker run their own code or bypass a login.
@.lagune/skills/php.mdPython
Covers security pitfalls specific to Python apps, especially loading untrusted data that can run an attacker's code.
@.lagune/skills/python.mdRegex
Makes sure text checks are safe and efficient, so a malicious input can't freeze your app by overloading it.
@.lagune/skills/regex.mdRuby
Covers security pitfalls specific to Ruby apps, especially loading untrusted data that can run an attacker's code.
@.lagune/skills/ruby.mdRust
Covers security pitfalls specific to Rust apps, especially unsafe code that can corrupt memory or crash the program.
@.lagune/skills/rust.mdServerless
Reviews cloud functions and their permissions, so a single function can't be abused to reach far more than it should.
@.lagune/skills/serverless.mdSupabase
Locks down your Supabase backend, so your database rules actually hold and secret keys don't end up exposed to the public.
@.lagune/skills/supabase.mdTransport
Makes sure data travels over a secure, encrypted connection, so it can't be read or altered on the way between your users and your app.
@.lagune/skills/transport.mdUpload
Keeps file uploads safe, so someone can't upload a disguised file that runs code, overwrites data, or fills up your storage.
@.lagune/skills/upload.mdXML
Secures how your app reads XML data, so a crafted file can't leak server files or knock your app offline.
@.lagune/skills/xml.mdRun yourself
To use a sub-skill directly, import its file with @ and write the task in the same prompt. The knowledge then acts on what you asked for. This works in any prompt, even one unrelated to the Lagune flow.
They all live in .lagune/skills/, so the file to import is always @.lagune/skills/<name>.md.
For example, a direct free-form prompt to generate a safe RegExp collection with Python:
@.lagune/skills/regex.md
Create a collection of regular expressions in @src/utils/regex.py to validate emails and usernames.
This uses a deterministic hook to test each RegExp against ReDoS, keeps the safe ones, and produces something like:
import re
EMAIL = re.compile(r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$")
USERNAME = re.compile(r"^[a-zA-Z0-9_]{3,20}$")
def is_email(value: str) -> bool:
return EMAIL.match(value) is not None
def is_username(value: str) -> bool:
return USERNAME.match(value) is not None
Test a pattern yourself at devina.io/redos-checker.
The catalog
The built-in sub-skills are grouped into categories you install on demand. This is the set that ships with Lagune:
| Sub-Skill | Category | Focus |
|---|---|---|
regex | owasp | ReDoS: patterns that explode on crafted input. |
network | owasp | SSRF & redirects: user-supplied fetch or redirect destinations. |
interpreter | owasp, lovable | Code injection: eval, dynamic include, name dispatch. |
path | owasp | Filesystem paths: traversal, null-byte, NTFS streams, planting. |
upload | owasp | File uploads: type/signature, malicious content, storage, limits. |
access-control | owasp, lovable | Authn/authz/session: IDOR, mass assignment, tenants, sessions. |
credential-endpoint | owasp, lovable | Guessing & bots: brute force, spraying, stuffing, throttling. |
federation | owasp | Token trust: OAuth/OIDC, SAML, JWT validation, QR login. |
http-request | owasp | Request provenance: CSRF, CORS misconfig, spoofed client-IP. |
transport | owasp | Channel security: TLS config, HTTPS/cleartext, HSTS, pinning. |
crypto | owasp, lovable | Crypto at rest: weak/custom algorithms, CSPRNG, key management. |
api-endpoint | owasp | Non-REST surfaces: GraphQL, gRPC, WebSocket authz, DoS, schema. |
payment | owasp, lovable | Checkout flow: verify gateway server-side, signed callbacks, idempotency. |
xml | owasp | XML parsing: XXE, external entities, billion-laughs expansion. |
csv | owasp | Formula injection: spreadsheet cells starting =/+/-/@. |
container | owasp, infra | Container config: root, capabilities, socket mount, image hardening. |
serverless | owasp, infra, lovable | FaaS functions: least-privilege IAM, event input, context, secrets. |
llm | ai, lovable | AI/LLM risks: prompt injection, agency, RAG, MCP, output. |
supabase | lovable | Supabase backend: RLS off by default, AI-misgenerated policies, key model. |
browser | javascript, lovable | Client-side risks: XSS, CSP, framing, storage, etc. |
javascript | javascript | Language-level risks: RCE, prototype pollution, etc. |
python | python | Language-level risks: pickle RCE, class pollution, -O, etc. |
rust | rust | unsafe soundness: UB from safe callers, transmute, overflow. |
java | java | Deserialization & mobile code: readObject chains, object hijack. |
ruby | ruby | Deserialization & open: Marshal/YAML revival, pipe quirk. |
php | php | Type juggling & unserialize: magic hashes, POP chains. |
go | go | Typed-nil & data races: nil != nil, shared-memory goroutines. |
c-cpp | c-cpp | Format strings: printf(user_input), %n write-what-where. |
dotnet | dotnet | Platform-level risks: BinaryFormatter RCE, @Html.Raw, enum gaps. |
You choose which categories to install when you set up Lagune, and change them any time with add and remove. See Install for the --skills flag. Each installed sub-skill is a file under .lagune/skills/.
Most built-in knowledge is distilled from OWASP. See OWASP Sources for the full mapping of each sub-skill to its canonical OWASP attack and Cheat Sheet pages. A few stack-specific modules draw from the vendor's own guidance instead: supabase, for instance, comes from the Supabase docs and CVE-2025-48757.
The catalog grows by adding one knowledge file plus one catalog row, never a new command. You add your own the same way, with /lagune.specialize: point it at an article or a topic and it distills a new sub-skill into the project's own catalog (the file under .lagune/skills/, the row in .lagune/skills.json), loaded exactly like the built-ins.
When the detect or verify phase hits a context a sub-skill covers, it finds the installed sub-skill and reads the matching .lagune/skills/<name>.md itself. This happens automatically, as part of the phase. You do not do it by hand for this to work.
Discover what is available
To see every category and whether it is installed, from the terminal:
npx -y lagune@latest list --skills
# Specializations .lagune/skills/
# • owasp [installed] Harden against the application security risks OWASP tracks
# • ai [available] AI and LLM integrations: prompts, tools, agents, retrieval, and MCP
# • lovable [available] AI-generated Supabase apps (Lovable and similar): RLS and key model, plus the defaults that ship insecure
# • javascript [available] JavaScript and its runtimes
# • python [available] Python and its language-specific risks
# • rust [available] Rust and its language-specific risks
# ...
The relevant knowledge is pulled in for what the project actually is, instead of every check running by default.
