Testing & Security

Senior QMS Audit Expert for internal and external quality management system auditing. Provides ISO 13485 audit expertise, audit program management, nonconformity identification, and corrective action verification. Use for internal audit planning, external audit preparation, audit execution, and audit follow-up activities.

Complete development lifecycle for GitHub/local issues - branch, implement, test, PR, merge with quality gates

Recognize when user requests new feature implementation and prompt for TDD workflow. Triggers on phrases like "implement", "create function", "add feature", "build a", "write code for". Suggests generating failing tests first.

MANDATORY adversarial code review. Use before ANY commit to find security vulnerabilities, logic flaws, and edge cases. Actively tries to break the code.

Guide for creating and configuring custom OpenCode commands. Use this skill when you need to extend OpenCode capabilities, add custom workflows, or understand how to define commands with templates, arguments, and context injection.

Automatically applies when creating AI tool functions. Ensures proper schema design, input validation, error handling, context access, and comprehensive testing.

Use when user requests "parallel" commands, running multiple builds/tests simultaneously, or long-running tasks. Use `gob add` instead of parallel Bash tool calls - gob provides job management, output capture, and proper process control.

Designs comprehensive Zod schemas for MCP tool inputs and API responses,ensuring type safety, clear validation error messages, and securitythrough input sanitization patterns.

WHEN: Performance analysis, bundle size optimization, rendering, Core Web Vitals, code splittingWHAT: Bundle analysis + large dependency detection + re-render issues + useMemo/useCallback suggestions + LCP/FID/CLS improvementsWHEN NOT: Code quality → code-reviewer, Security → security-scanner

Detects project type, package manager, and monorepo structure. Returns correct commands for test/build/lint/dev. Run at project initialization and cache results in state. Use before running any build/test commands.

ESLint flat config validation and templates for eslint.config.js files in MetaSaver monorepos. Includes 5 required standards (correct config type for projectType, simple re-export pattern from shared library, flat config filename eslint.config.js, shared config dependency, required npm scripts). Use when creating or auditing eslint.config.js files to ensure correct linting configuration.

Update the project learning logs (PowerShell/cmd, Git/GitHub/Copilot, AWS, TypeScript, Next.js/React, Playwright) by merging new knowledge into existing categories across one or more files.

30 pragmatic rules for production HTML covering semantic markup, accessibility (WCAG 2.1 AA), performance optimization, forms, and security. Use when writing HTML, building page structures, creating forms, implementing accessibility, or optimizing for SEO and Core Web Vitals.

Work with REST and GraphQL APIs, authentication, API configuration, and data fetching. Use when implementing API calls, debugging network requests, setting up Apollo Client, or handling authentication.

Playwright를 사용하여 로컬 웹 애플리케이션과 상호작용하고 테스트하기 위한 툴킷입니다. 프런트엔드 기능 검증, UI 동작 디버깅, 브라우저 스크린샷 캡처 및 브라우저 로그 확인을 지원합니다.

Screenshot capture, organization, and comparison for QA testing. Use when taking screenshots during test execution to ensure proper naming, organization, and traceability back to test cases.

QuantConnect backtesting API usage and Phase 3 decision integration (project)

Execute end-to-end test scenarios for the D&D 5E terminal game using terminal-control MCP. This skill should be used when the user requests running test scenarios, creating new test scenarios, or debugging game functionality through automated testing. Requires terminal-control MCP server to be installed and running.

Implement secure authentication with JWT, sessions, OAuth, and password hashing. Use when adding login/logout, token auth, or integrating OAuth providers.

Test-Driven Development for Rust. Use when creating new functionality, writing tests, or fixing bugs through the Red-Green-Refactor TDD cycle.