added skills etc

.agents/skills/evolv-ot-it-security/SKILL.md

@@ -0,0 +1,43 @@
+---
+name: evolv-ot-it-security
+description: Perform OT/IT security analysis for EVOLV Node-RED automation systems. Use when reviewing admin endpoints, node input handling, configuration exposure, dependency risk, network/data flow boundaries, and secure-by-default behavior for operational technology integrations.
+---
+
+# EVOLV OT/IT Security
+
+## Mission
+Identify and reduce security risk while preserving operational reliability for process automation workloads.
+
+## Scope
+- Node-RED admin endpoints in node entry files
+- Input validation across `msg.topic` and payload paths
+- Exposure of sensitive config/secrets in code, logs, or UI
+- Dependency and supply-chain concerns in node packages
+
+## Security Workflow
+1. Enumerate attack surface:
+- HTTP admin routes
+- message ingress topics/payloads
+- external service interfaces
+2. Validate input sanitization and type checks.
+3. Check least-privilege assumptions and secret handling.
+4. Evaluate failure modes for denial-of-service or unsafe operation.
+5. Recommend pragmatic controls with minimal operational friction.
+
+## Control Priorities
+- Reject malformed or unauthorized control messages.
+- Avoid leaking credentials, asset identifiers, or internal topology.
+- Keep defaults safe; require explicit opt-in for risky behavior.
+- Preserve auditability of critical control actions.
+
+## Validation Expectations
+- Add negative tests for malformed inputs and unauthorized paths.
+- Confirm error paths are explicit and non-sensitive.
+- Document residual risk when controls are deferred.
+
+## Deliverables
+Return:
+- findings sorted by severity
+- concrete remediation plan by file
+- tests added for security regressions
+- residual risks and compensating controls