Testing & Security

Standard Operating Procedure for /optimize phase. Covers performance benchmarking, accessibility audit, security review, and code quality checks.

Securely upload GitHub Actions secrets via gh CLI. Use when GitHub Actions workflow requires secrets or user invokes /setup-github-secrets. NEVER commits secrets.

Toolkit para interagir e testar aplicações web locais usando Chrome DevTools MCP. Suporta verificação de funcionalidade frontend, debugging de UI, captura de screenshots, análise de performance, inspeção de network e visualização de logs do console.

MUST INVOKE this skill when working with subagents, setting up agent configurations, understanding how agents work, or using delegation tools to launch specialized agents. Create, audit, and maintain AI subagents and delegation tools.

Complete guide for adding new self-hosted applications to the home-server Ansible infrastructure. Use this skill when the user wants to add a new service, create a new role, or deploy a new self-hosted application. Covers role structure, integration patterns (firewall, NGINX, SELinux, DNS), installation methods (binary, package, container), and testing procedures.

Coverage thresholds and reporting. Use when analyzing and improving test coverage.

Backup, restore, and validate golden datasets for AI/ML systems - ensuring test data integrity and preventing catastrophic data loss

Write and run Rust tests using cargo test with unit tests, integration tests, doc tests, and property-based testing. Use when writing Rust tests or setting up test infrastructure.

Browser automation with Playwright for testing and validation. Use when user asks to test a page, verify UI, take screenshots, check responsive design, fill forms, or validate web functionality. Writes and executes custom automation scripts.

Comprehensive Ruby on Rails v8.1 development guide with detailed documentation for Active Record, controllers, views, routing, testing, jobs, mailers, and more. Use when working on Rails applications, building Rails features, debugging Rails code, writing migrations, setting up associations, configuring Rails apps, or answering questions about Rails best practices and patterns.

⚡ AUTO-INVOKE when user asks: 'audit', 'investigate', 'how does X work', 'find all', 'where is', 'trace', 'understand', 'map the codebase', 'comprehensive'. MUST run BEFORE Read/Glob when planning to read 3+ files. Prevents tool familiarity bias toward native tools.

AI-Powered Security Testing Toolkit - Professional penetration testing tools with intelligent agent-empowering capabilities

Use when extracting structured data from websites using Playwright MCP tools, when handling login/authentication flows, when crawling paginated content, or when building scrapers that navigate dynamic SPAs with tabs, accordions, or React/HeadlessUI components

Pre-merge security validation detecting secrets, user-specific paths, insecure SSH configurations, and security-weakening flags

Scan test files for anti-patterns including mesa-optimization, disabled tests, trivial assertions, and error swallowing

Write tests for backend services, APIs, and database access. Use when testing Express/Fastify handlers, services with database calls, or integration tests.

Create secure FastAPI routes for task CRUD with search/filter/sort query params and JWT auth when backend endpoints are needed

Implement minimal code to make failing tests pass (GREEN phase of TDD). Write just enough code to pass tests, no more. Use after red-phase when tests are failing.

Complex skill for testing directory support with nested dirs, binary files, and multiple file types

Standard Go security toolkit: race detector, golangci-lint, Trivy, govulncheck. Zero cost, seamless integration, and OpenSSF-certified security workflow patterns.