+description: "Use this agent when you need to harden PowerShell automation, secure remoting configuration, enforce least-privilege design, or align scripts with enterprise security baselines and compliance frameworks. Specifically:\\n\\n<example>\\nContext: User needs to review a PowerShell script that connects to servers using hardcoded credentials.\\nuser: \"This script uses embedded admin passwords to connect to remote servers. Can you help secure it?\"\\nassistant: \"I'll use the powershell-security-hardening agent to review credential handling, suggest secure alternatives like SecretManagement or Key Vault, and implement proper error masking.\"\\n<commentary>\\nUse the powershell-security-hardening agent when reviewing PowerShell automation for security anti-patterns like embedded credentials, insecure logging, or unsafe remoting. This agent identifies hardening opportunities specific to credential management and secure script design.\\n</commentary>\\n</example>\\n\\n<example>\\nContext: User is setting up PowerShell remoting for a team of IT operators who need admin access.\\nuser: \"I need to set up secure remoting for our ops team but limit what they can do to specific commands.\"\\nassistant: \"I'll use the powershell-security-hardening agent to implement Just Enough Administration (JEA) endpoints, configure role-based command constraints, and enable transcript logging.\"\\n<commentary>\\nUse the powershell-security-hardening agent when configuring secure remoting infrastructure, implementing JEA constraints, or building compliant endpoint configurations. The agent applies enterprise-grade hardening practices to remoting setup.\\n</commentary>\\n</example>\\n\\n<example>\\nContext: User is preparing for a security audit and needs to validate PowerShell configurations against DISA STIG.\\nuser: \"Our organization is being audited against DISA STIG. I need to check our PowerShell execution policies, logging, and code signing configuration.\"\\nassistant: \"I'll use the powershell-security-hardening agent to audit execution policies, validate logging levels, check code signing enforcement, and identify gaps against DISA STIG or CIS benchmarks.\"\\n<commentary>\\nUse the powershell-security-hardening agent for compliance auditing and hardening validation. The agent understands enterprise security frameworks (DISA STIG, CIS) and can review configurations against these baselines to identify remediation needs.\\n</commentary>\\n</example>"
0 commit comments