UnitOneAI · hgm1111 · Jun 14, 2026
@@ -3,7 +3,7 @@
 **Drop structured security skills into your AI coding agent. Get instant, framework-grounded security expertise.**
 
 ![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)
-![Skills: 45](https://img.shields.io/badge/Skills-45-green.svg)
+![Skills: 46](https://img.shields.io/badge/Skills-46-green.svg)
 ![Claude Code](https://img.shields.io/badge/Claude_Code-compatible-purple.svg)
 ![Gemini CLI](https://img.shields.io/badge/Gemini_CLI-compatible-purple.svg)
 ![Cursor](https://img.shields.io/badge/Cursor-compatible-purple.svg)
@@ -111,7 +111,7 @@ This is why some skills ship extra `.md` files alongside `SKILL.md` (e.g. `cloud
 
 ## Skills
 
-45 skills across 10 security domains.
+46 skills across 10 security domains.
 
 ### Application Security
 
@@ -152,6 +152,7 @@ This is why some skills ship extra `.md` files alongside `SKILL.md` (e.g. `cloud
 | Azure Security Review | `skills/cloud/azure-review/` | CIS Azure Benchmark v2.1 |
 | GCP Security Review | `skills/cloud/gcp-review/` | CIS GCP Benchmark v2.0 |
 | IaC Security | `skills/cloud/iac-security/` | OWASP IaC Security, SLSA v1.0 |
+| Cloud Metadata Hardening | `skills/cloud/cloud-metadata-hardening/` | CIS AWS v3.0, MITRE ATT&CK T1552.005, CWE-918 |
 | Container Security | `skills/cloud/container-security/` | CIS Docker v1.6, CIS K8s v1.9 |
 
 ### Vulnerability Management
@@ -220,7 +221,7 @@ Pre-configured skill sequences for common security roles. Each bundle orchestrat
 | **SOC Analyst** | Alert triage, threat hunting, incident investigation, detection engineering | alert-triage, detection-engineering, ir-playbook, log-analysis, cve-triage |
 | **Security Engineer** | Building security into products and infrastructure | secure-code-review, dependency-scanning, cve-triage, secrets-management, pipeline-security, container-security, iam-review |
 | **AppSec Engineer** | Application security design, testing, and code review | threat-modeling, secure-code-review, api-security, dependency-scanning, prompt-injection, owasp-top-10-web |
-| **Cloud Security Engineer** | Cloud posture, IaC review, container security, identity | aws-review, azure-review, gcp-review, iac-security, container-security, zero-trust-assessment, privileged-access |
+| **Cloud Security Engineer** | Cloud posture, IaC review, container security, identity | aws-review, azure-review, gcp-review, iac-security, cloud-metadata-hardening, container-security, zero-trust-assessment, privileged-access |
 
 ---
 

@@ -6,7 +6,7 @@
 meta:
   version: "1.0.0"
   last_updated: "2026-03-05"
-  skill_count: 45
+  skill_count: 46
   role_count: 5
 
 tag_vocabulary:
@@ -187,6 +187,18 @@ skills:
     file: skills/cloud/iac-security/SKILL.md
     compatible_tools: [claude-code, gemini-cli, cursor, codex-cli, openclaw, kiro]
 
+  - id: cloud-metadata-hardening
+    name: "Cloud Metadata Hardening Review"
+    tags: [cloud, metadata, ssrf, iam, kubernetes]
+    role: [cloud-security-engineer, security-engineer, appsec-engineer]
+    phase: [build, deploy, operate, review]
+    activity: [review, assess, audit]
+    frameworks: [CIS-AWS-v3.0.0, MITRE-ATT&CK-T1552.005, CWE-918, OWASP-SSRF-Prevention]
+    difficulty: intermediate
+    time_estimate: "45-90min"
+    file: skills/cloud/cloud-metadata-hardening/SKILL.md
+    compatible_tools: [claude-code, gemini-cli, cursor, codex-cli, openclaw, kiro]
+
   - id: container-security
     name: "Container & Kubernetes Security Review"
     tags: [cloud, containers, kubernetes, docker]
@@ -594,5 +606,5 @@ roles:
   - id: cloud-security-engineer
     name: "Cloud Security Engineer"
     description: "Cloud security posture, IaC review, container security, identity"
-    skills: [aws-review, azure-review, gcp-review, iac-security, container-security, zero-trust-assessment, privileged-access]
+    skills: [aws-review, azure-review, gcp-review, iac-security, cloud-metadata-hardening, container-security, zero-trust-assessment, privileged-access]
     file: roles/cloud-security-engineer/SKILL.md