ReddRadar
Agent skill
cybersecurity-risk-assessor
Medical device cybersecurity risk assessment skill per FDA premarket and postmarket guidance
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/domains/science/biomedical-engineering/skills/cybersecurity-risk-assessor
Metadata
Additional technical details for this skill
- domain
- science
- category
- Risk Management
- skill id
- BME-SK-010
- specialization
- biomedical-engineering
SKILL.md
Cybersecurity Risk Assessor Skill
Purpose
The Cybersecurity Risk Assessor Skill evaluates cybersecurity risks for medical devices per FDA guidance and IEC 81001-5-1, supporting threat modeling, vulnerability assessment, and security control implementation.
Capabilities
- Threat modeling (STRIDE methodology)
- Vulnerability assessment
- SBOM (Software Bill of Materials) generation
- Security control identification
- Penetration testing planning
- Cybersecurity documentation for FDA submissions
- Attack surface analysis
- Security architecture review
- Coordinated vulnerability disclosure planning
- Postmarket cybersecurity management
- Patch management planning
Usage Guidelines
When to Use
- Assessing device cybersecurity risks
- Planning penetration testing
- Preparing FDA cybersecurity submissions
- Managing software dependencies
Prerequisites
- Software architecture documented
- Network connectivity defined
- Data flows identified
- Third-party components cataloged
Best Practices
- Integrate cybersecurity from design inception
- Maintain current SBOM
- Plan for security updates throughout lifecycle
- Establish vulnerability disclosure process
Process Integration
This skill integrates with the following processes:
- Software Development Lifecycle (IEC 62304)
- Medical Device Risk Management (ISO 14971)
- 510(k) Premarket Submission Preparation
- Post-Market Surveillance System Implementation
Dependencies
- FDA Cybersecurity guidance
- IEC 81001-5-1 standard
- SBOM tools (CycloneDX, SPDX)
- Vulnerability databases (NVD, CVE)
- Threat modeling frameworks
Configuration
cybersecurity-risk-assessor:
threat-methodologies:
- STRIDE
- PASTA
- attack-trees
sbom-formats:
- CycloneDX
- SPDX
security-tiers:
- Tier-1-higher
- Tier-2-standard
control-frameworks:
- NIST-CSF
- IEC-62443
Output Artifacts
- Threat models
- Vulnerability assessments
- SBOM documents
- Security architecture documents
- Penetration test plans
- FDA cybersecurity submissions
- Security control matrices
- Patch management plans
Quality Criteria
- All threat vectors identified
- Vulnerabilities assessed with CVSS scores
- SBOM is complete and current
- Security controls address identified risks
- Documentation meets FDA requirements
- Postmarket security plan established
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?