Testing & Security
Testing frameworks, security tools, and best practices
9063 skills in this category
security-audit
Perform automated security analysis on code changes to identify common vulnerabilities including SQL injection, path traversal, hardcoded secrets, XSS, and insecure API usage. Reviews Python code for OWASP Top 10 vulnerabilities.
web-scraping-tools
Web scraping templates, scripts, and patterns for documentation and content collection using Playwright, BeautifulSoup, and Scrapy. Includes rate limiting, error handling, and extraction patterns. Use when scraping documentation, collecting web content, extracting structured data, building RAG knowledge bases, harvesting articles, crawling websites, or when user mentions web scraping, documentation collection, content extraction, Playwright scraping, BeautifulSoup parsing, or Scrapy spiders.
bug-bounty-program
Bug bounty expert. Use for finding vulnerabilities, writing reports, responsible disclosure, and penetration testing.
review-pr
Review pull requests for code quality, security, and best practices. Use when the user says "review PR", "review pull request", "check this PR", "PR review", or provides a PR number or URL to review.
fedramp-rev5-expert
FedRAMP Rev 5 authorization expert. Provides guidance on traditional authorization paths, SSP/SAP/SAR/POA&M documentation, NIST 800-53 Rev 5 control implementation, and 3PAO assessment preparation.
testcontainers-usage
Docker-based testing with testcontainers. Use when running tests with real databases.
security-protocols
🛡️ Comprehensive security management for festivals including crowd control, threat assessment, emergency response, and staff coordination.
github-actions-templates
Create production-ready GitHub Actions workflows for automated testing, building, and deploying applications. Use when setting up CI/CD with GitHub Actions, automating development workflows, or creating reusable workflow templates.
auth-comprehensive
Production-grade authentication & authorization covering JWT, cookies, sessions, hashing, MFA, OAuth2, RBAC, and permissions across all frameworks (Next.js, Express.js, FastAPI, Django, Spring, etc.). Includes intelligent pattern selection, Better Auth integration, email verification, social login, token revocation, permission management, and 10+ years security expertise. Use when implementing authentication, authorization, user management, MFA, OAuth integration, or securing APIs in any framework.
vitest-config
Vitest configuration template and validation logic for test configuration. Standards differ by package type - use package-type specific configs (react-app, react-library, node-library, node-service, contracts, database, api, integration). Use factory pattern for React packages that need vite.config.ts merging.
swift-testing
Use when writing tests with Swift Testing (@Test,
global-validation
Validate inputs and preconditions before work begins using symmetric validation across layers, allowlist thinking, and contextual business rules with auditability. Use this skill when writing input validation, form handling, API request validation, or domain logic checks. Applies to all boundary validation requiring structured error responses, edge-case coverage, sanitization, escaping, and contract tests ensuring consistent validation across clients, APIs, background jobs, and CLIs.
layer-12-testing
Expert knowledge for Testing Layer modeling in Documentation Robotics
react-development-patterns
React 18+ development patterns including components, hooks, state management, API integration, and accessibility. Use when: (1) building React components, (2) designing user interfaces, (3) implementing state management, (4) writing frontend tests.
oauth-config-generator
Generate OAuth 2.0 configuration for social login providers (Google, GitHub, etc.). Triggers on "create oauth config", "generate oauth setup", "social login config", "oauth2 integration".
harness-ci
Harness CI (Continuous Integration) for container-native builds, test intelligence, caching, parallelization, and build infrastructure management. Activate for build pipelines, CI steps, test automation, artifact publishing, and build optimization.
containerizing-applications
Containerizes applications with Docker, docker-compose, and Helm charts. Use when creating Dockerfiles, docker-compose configurations, or Helm charts for Kubernetes. Includes Docker Hardened Images (95% fewer CVEs), multi-stage builds, and 15+ battle-tested gotchas.
llm-compact-logger-analysis
Analyze llm-compact-logger test output and configure enhancements. Use when user shares debug-compact.json or debug-report.json files.
ux-writing
Create user-centered, accessible interface copy (microcopy) for digital products including buttons, labels, error messages, notifications, forms, onboarding, empty states, success messages, and help text. Use when writing or editing any text that appears in apps, websites, or software interfaces, designing conversational flows, establishing voice and tone guidelines, auditing product content for consistency and usability, reviewing UI strings, or improving existing interface copy. Applies UX writing best practices based on four quality standards — purposeful, concise, conversational, and clear. Includes accessibility guidelines, research-backed benchmarks (sentence length, comprehension rates, reading levels), expanded error patterns, tone adaptation frameworks, and comprehensive reference materials.
chaos-gremlin
Unconventional problem-solving with chaotic good energy. Finds creative edge cases, challenges assumptions, explores weird solutions that technically work. Use when you want creative chaos, alternative approaches, or to test if "normal" is actually optimal.