Testing & Security

Worker that runs existing tests to catch regressions. Auto-detects framework, reports pass/fail. No status changes or task creation.

Guide for setting up local PyPI servers to host and serve Python packages. This skill should be used when tasks involve creating a local PyPI repository, serving Python packages over HTTP, building distributable Python packages, or testing pip installations from a custom index URL.

Guidance for creating polyglot files that are valid in both Python and C. This skill applies when tasked with writing code that must be parseable and executable by both the Python interpreter and C compiler. Covers polyglot syntax techniques, testing strategies, and critical cleanup requirements.

Build FastAPI applications with async patterns, Pydantic validation, dependency injection, and modern Python API practices.

This skill guides writing comprehensive Minitest tests for Ruby and Rails applications. Use when creating test files, writing test cases, or testing new features. Covers both traditional and spec styles, fixtures, mocking, and Rails integration testing patterns.

Comprehensive codebase quality audit with parallel agent orchestration, GitHub issue creation, automated PR generation per issue, and PM-prioritized recommendations. Use for code review, refactoring audits, technical debt analysis, module quality assessment, or codebase health checks.

Launch Baldur's Gate 3 through Steam on macOS and load saved games using macos-automator and peekaboo MCP servers.Designed for testing bg3se-macos (Script Extender) development.Use when: (1) launching BG3 from Steam, (2) loading a BG3 saved game, (3) testing SE mod injection,(4) user asks to "start BG3", "load my BG3 save", "play Baldur's Gate", "test the script extender".Requires macos-automator and peekaboo MCP servers installed with accessibility permissions.

Analyzes events through cybersecurity lens using threat modeling, attack surface analysis, defense-in-depth,zero-trust architecture, and risk-based frameworks (CIA triad, STRIDE, MITRE ATT&CK).Provides insights on vulnerabilities, attack vectors, defense strategies, incident response, and security posture.Use when: Security incidents, vulnerability assessments, threat analysis, security architecture, compliance.Evaluates: Confidentiality, integrity, availability, threat actors, attack patterns, controls, residual risk.

Use when designing cloud architectures, planning migrations, or optimizing multi-cloud deployments. Invoke for Well-Architected Framework, cost optimization, disaster recovery, landing zones, security architecture, serverless design. Keywords: AWS, Azure, GCP, multi-cloud, cloud migration, cost optimization.

Performs systematic code review checking for correctness, maintainability, security, and best practices. Activates when user requests review, before creating PRs, or when significant code changes are ready. Ensures quality gates are met before code proceeds to production.

Use when developing WordPress themes, plugins, customizing Gutenberg blocks, implementing WooCommerce features, or optimizing WordPress performance and security.

Use when reviewing pull requests, conducting code quality audits, or identifying security vulnerabilities. Invoke for PR reviews, code quality checks, refactoring suggestions. Keywords: code review, PR review, quality, refactoring, best practices.

Test coverage analysis to ensure adequate testing, Storybook coverage, and test quality.

Dependency health analysis to detect outdated packages and unused dependencies.

Use when setting up monitoring systems, logging, metrics, tracing, or alerting. Invoke for dashboards, Prometheus/Grafana, load testing, profiling, capacity planning. Keywords: monitoring, observability, logging, metrics, tracing, alerting, Prometheus, Grafana.

Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews. Keywords: security review, vulnerability, SAST, audit, penetration testing, cloud security.

Use when building NestJS applications requiring modular architecture, dependency injection, or TypeScript backend development. Invoke for modules, controllers, services, DTOs, guards, interceptors, TypeORM/Prisma. Keywords: NestJS, Nest, Node.js, TypeScript backend, dependency injection.

Use for PR/code reviews and any task that benefits from a dedicated tmux sub-agent with per-task git worktrees; default path for reviewing diffs (read diff → summarize → run checks/tests) with automated monitoring.

Generates agentic outside-in tests using gadugi-agentic-test framework for CLI, TUI, Web, and Electron apps.Use when you need behavior-driven tests that verify external interfaces without internal implementation knowledge.Creates YAML test scenarios that AI agents execute, observe, and validate against expected outcomes.Supports progressive complexity from simple smoke tests to advanced multi-step workflows.

Use when building Spring Boot 3.x applications, microservices, or reactive Java applications. Invoke for Spring Data JPA, Spring Security 6, WebFlux, Spring Cloud integration. Keywords: Spring Boot, Spring Framework, Spring Cloud, WebFlux, microservices.