Testing & Security

360-degree business audit to 5-10X growth trajectory. Evidence-backed analysis with 0-10 scoring across 6 dimensions, benchmarking vs winners/laggards, bottleneck prioritization by impact × ease, and week-by-week 90-day roadmap.

Guidance for processing, classifying, and extracting data from financial documents (invoices, receipts, statements). This skill should be used when tasks involve OCR extraction, document classification, data validation from financial PDFs/images, or batch processing of financial documents. Covers safe file operations, incremental testing, and data extraction verification.

SEO audit and optimization skill for Meryll Dindin's personal portfolio website. Activates when discussing meta tags, Schema.org, structured data, personal branding SEO, search optimization, or content improvements.

This skill provides guidance for extracting secrets from vulnerable executables. It should be used when tasks involve binary analysis, reverse engineering executables to find hidden flags/secrets, or exploiting buffer overflows and other vulnerabilities to extract protected data. Applicable to CTF challenges, security research, and authorized penetration testing scenarios.

Use when refactoring code - test-preserving transformations in small steps, running tests between each change

Guidance for implementing differential cryptanalysis attacks on FEAL and similar Feistel ciphers. This skill should be used when asked to break FEAL encryption, recover cipher keys through differential attacks, or implement cryptanalysis techniques on block ciphers with weak round functions. Covers proper differential characteristic construction, not ad-hoc statistical methods.

Expert guidance for Google Kubernetes Engine (GKE) operations including cluster management, workload deployment, scaling, monitoring, troubleshooting, and optimization. Use when working with GKE clusters, Kubernetes deployments on GCP, container orchestration, or when users need help with kubectl commands, GKE networking, autoscaling, workload identity, or GKE-specific features like Autopilot, Binary Authorization, or Config Sync.

Dead code & legacy audit worker (L3). Checks unreachable code, unused imports/variables/functions, commented-out code, backward compatibility shims, deprecated patterns. Returns findings.

This skill provides guidance for generating self-signed SSL/TLS certificates using OpenSSL. Use this skill when tasks involve creating private keys, self-signed certificates, certificate signing requests (CSRs), or combined PEM files. It covers verification strategies and common pitfalls in certificate generation workflows.

Guide for Claude Agent SDK - build custom AI agents powered by Claude. Triggers on agent sdk, claude-agent-sdk, @anthropic-ai/claude-agent, build agent, programmatic agent, embed claude, custom ai agent, agent infrastructure. Covers installation, authentication providers, tool permissions, file-based configuration, and TypeScript/Python code examples.

Execute approved sprint plans with test-driven development, continuous linting, progress tracking, and pause points. Use when user says "execute sprint", "start sprint", or wants to implement an approved sprint plan.

Creates ALL task types (implementation, refactoring, test). Generates task documents from templates, validates type rules, creates in Linear, updates kanban. Invoked by orchestrators.

This skill provides guidance for recovering passwords or sensitive data from disk images, corrupted files, or forensic scenarios. Use this skill when tasked with extracting passwords from disk images, recovering deleted files containing credentials, or performing data forensics to find lost authentication information.

Guidance for setting up Git-based multi-branch deployment systems with SSH access, web servers, and automated deployment hooks. This skill should be used when configuring Git repositories that deploy to multiple environments (e.g., main/dev branches), setting up SSH authentication for Git, configuring web servers to serve content from different branches, or creating post-receive hooks for automated deployments.

Performs manual testing of Story AC via executable bash scripts saved to tests/manual/. Creates reusable test suites per Story. Worker only.

Write comprehensive pytest tests with fixtures, parametrization, mocking, async testing, and modern patterns.

Use to audit test quality with Google Fellow SRE scrutiny - identifies tautological tests, coverage gaming, weak assertions, missing corner cases. Creates bd epic with tasks for improvements, then runs SRE task refinement on each.

Use when encountering bugs or test failures - systematic debugging using debuggers, internet research, and agents to find root cause before fixing

This skill guides configuring Litestream for continuous SQLite backup in Rails 8+ apps. Use when setting up production backups for SQLite databases (Solid Queue, Solid Cache, Solid Cable).

Generate realistic mock data for testing using factories, fixtures, and Faker.js. Use when seeding test databases, creating test fixtures, or mocking API responses.