Security

LangGraph framework skill for implementing SITNOVA's stateful AI operator with StateGraph, tools, and conditional routing for security gate automation.

Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks.

REST API design, implementation, and best practices. Activate for API endpoints, HTTP methods, status codes, authentication, and API documentation.

Analyze dependencies for security vulnerabilities, outdated packages, and license compliance

ログイン、セッション、JWT、OAuth、アクセス制御を実装する際に使用。

Slack 앱 개발 및 API 통합을 위한 포괄적인 스킬. Bolt 프레임워크, Block Kit UI, OAuth 인증, 이벤트 처리, 슬래시 커맨드, 인터랙티브 컴포넌트, 워크플로우 스텝을 지원합니다. "Slack", "슬랙", "봇", "메시지", "채널", "webhook" 키워드로 활성화.

Generate and optimize PRDs, Implementation Plans, and Progress Tracking documents optimized as AI artifacts for development agents. Use when creating new feature plans, breaking down long planning docs (>800 lines), or setting up progress tracking. Supports: 1) Create PRD from feature request, 2) Create Implementation Plan from PRD with phase breakdown and subagent assignments, 3) Optimize existing plans by breaking into phase-specific files, 4) Create progress tracking with task assignments. Example: "Create a PRD for user authentication feature" or "Break down the sidebar-polish implementation plan into phase files" or "Create progress tracking for data-layer-fixes PRD".

ファイル編集・コミット準備時に使用。シークレット漏洩防止チェックを実施。

专业安全审计专家，精通漏洞扫描、渗透测试、合规检查和安全代码审查。帮助企业识别和修复安全风险，确保系统和数据的安全性。

Systematic approach to reviewing code for quality, security, and maintainability

Standard Operating Procedure for /optimize phase. Covers performance benchmarking, accessibility audit, security review, and code quality checks.

Securely upload GitHub Actions secrets via gh CLI. Use when GitHub Actions workflow requires secrets or user invokes /setup-github-secrets. NEVER commits secrets.

Pre-merge security validation detecting secrets, user-specific paths, insecure SSH configurations, and security-weakening flags

Create secure FastAPI routes for task CRUD with search/filter/sort query params and JWT auth when backend endpoints are needed

Ensure store compliance for WebF apps (remote updates, interpreters, rollout/rollback constraints). Use when the user mentions App Store/Play Store, store compliance, remote updates, or publishing WebF-hosted content.

Generate JWT authentication configuration and utilities for API security. Triggers on "create jwt config", "generate jwt authentication", "jwt setup", "token auth config".

WHEN: Kubernetes manifest review, Helm charts, resource limits, probes, RBACWHAT: Resource configuration + Health probes + Security context + RBAC policies + Helm best practicesWHEN NOT: Docker only → docker-reviewer, Terraform → terraform-reviewer

Build real-time voice and video applications with Google's Gemini Live API. Use when implementing bidirectional audio/video streaming, voice assistants, conversational AI with interruption handling, or any application requiring low-latency multimodal interaction with Gemini models. Covers WebSocket streaming, voice activity detection (VAD), function calling during conversations, session management/resumption, and ephemeral tokens for secure client-side connections.

Create responsive, mobile-first user interfaces that adapt seamlessly across all device sizes using modern CSS techniques and responsive design patterns. Use this skill when implementing layouts, breakpoints, fluid typography, responsive images, or any UI that needs to work across mobile, tablet, and desktop viewports. Apply this skill when using CSS media queries, container queries, responsive utility classes (Tailwind's sm:, md:, lg:), flexible grid/flexbox layouts, relative units (rem, em, vw, vh), or when optimizing touch interactions for mobile devices. This skill ensures mobile-first development approach, consistent breakpoint usage, proper viewport configuration, touch-friendly target sizes (44x44px minimum), readable typography across all screen sizes, and optimized performance on mobile networks with responsive images and lazy loading.

Generates Drizzle ORM schema files for users, sessions, tokens, OAuth accounts, and audit logs. Syncs schema to Neon Postgres.