Testing & Security

Implement mitigations, create input filters, design output guards, and build defensive prompting for LLM security

Retrieve statistical and entity data from Google Data Commons about places, demographics, economics, health, education, climate, and other societal topics. For example, population/unemployment/social vulnerability index, etc. This skill provides a way to get DCIDs from place names.

This skill should be used when implementing Supabase email/password authentication in Next.js applications. Automates the complete setup including client/server utilities, login/register pages, auth callback handling, middleware protection, and email configuration. Handles common errors like PKCE flow issues, cookie management, and admin role verification.

Create Angular 20 standalone components using modern patterns: Signals for state management, input()/output() functions (not decorators), @if/@for/@switch control flow (not *ngIf/*ngFor), inject() dependency injection (not constructor), and OnPush change detection. Use this skill when scaffolding new UI components that need reactive state, form handling, or integration with services following the three-layer architecture.

Hidden quality gate that runs before showing "Done!" to user - ensures all tests pass, build succeeds, and requirements met before claiming completion

Create best-in-class repository scaffolds with modern tooling, security, CI/CD, testing, and documentation. Works for code, data science, ontologies, APIs, and CLI projects.

Generate production-ready Helm charts for Kubernetes apps. Use when: (1) Deploying applications to Kubernetes, (2) Containerizing apps for Minikube/K8s, (3) Creating reusable deployment packages, (4) Needing parameterized K8s manifests, (5) Scaffolding new chart structures. Includes security contexts, resource limits, RBAC, NetworkPolicies, and multi-environment support (dev/prod). Provides templates for frontend, backend, and MCP server components.

Master end-to-end testing with Playwright to build reliable test suites that catch bugs, improve confidence, and enable fast deployment. Use when implementing E2E tests, debugging flaky tests, or establishing testing standards.

Validate Dapr component configs, sidecar annotations, and mTLS settings. Use when: (1) Creating Dapr Component manifests, (2) Adding Dapr annotations to deployments, (3) Configuring pub/sub, state stores, or bindings, (4) Before deploying Dapr-enabled applications, (5) Generating new Dapr components. Validates secrets management (secretKeyRef), scopes, mTLS, sidecar resource limits, and namespace configuration.

Generates .stylelintrc configuration for linting CSS, SCSS, and Vue component styles. Auto-detects stylesheet type and fetches latest package versions for plugins.

Build execution philosophy including TDD discipline, Minimal Intervention Principle, system awareness, and verification protocols. Use when implementing code, managing build phase, enforcing test-first practices, or preventing accumulative complexity. Triggers on: build phase, TDD, test first, red green refactor, minimal code, system awareness, implementation, code quality, verification protocols, build philosophy.

Use this skill when writing Go code following the Uber Go Style Guide. Provides comprehensive guidance on idiomatic Go patterns, error handling, concurrency safety, performance optimization, and test-driven development. Covers all critical Uber Go rules including channel sizing, goroutine management, interface design, and proper error handling. Appropriate for any task involving .go files, Go code reviews, refactoring, or implementing Go best practices.

Looks up OWASP Top 10 attack methods, CWE references, and form-specific vulnerability patterns with a bounty hunter mindset. Returns attack vectors, payloads, and payout estimates. Use when user asks about "XSS", "SQL injection", "CSRF", "OWASP", "CWE", "IDOR", "injection", "bypass", "vulnerability", "exploit", "SQLインジェクション", "クロスサイトスクリプティング", "脆弱性".

Safe code refactoring with DDD patterns and test preservation

Production-tested setup for Zustand state management in React applications with TypeScript.This skill provides comprehensive patterns for building scalable, type-safe global state.Use when: setting up global state in React, migrating from Redux or Context API, implementingstate persistence with localStorage, configuring TypeScript with Zustand, using slices patternfor modular stores, adding devtools middleware for debugging, handling Next.js SSR hydration,or encountering hydration errors, TypeScript inference issues, or persist middleware problems.Prevents 5 documented issues: Next.js hydration mismatches, TypeScript double parenthesessyntax errors, persist middleware export errors, infinite render loops, and slices patterntype inference failures.Keywords: zustand, state management, React state, TypeScript state, persist middleware,devtools, slices pattern, global state, React hooks, create store, useBoundStore,StateCreator, hydration error, text content mismatch, infinite render, localStorage,

Verify security considerations were addressed before shipping. Issues result in WARNINGS that strongly recommend fixing.

SSH key lifecycle management. Create, deploy, rotate, and revoke SSH keys with full tracking.Use when asked about: ssh keys, manage ssh, create ssh key, deploy key, ssh config, key rotation,ssh access, authorized_keys, ssh audit, which keys, ssh inventory.

Comprehensive guide for integrating Semaphore V4 zero-knowledge protocol. Use when developing anonymous voting systems, privacy-preserving authentication, ZK proofs, smart contracts with group membership verification, or implementing Semaphore SDK features (Identity management, Group operations, Proof generation/verification). Also use when modifying, upgrading, or debugging existing Semaphore integrations.

Use BEFORE implementing any new domain/feature to ensure proper layered architecture with dependency injection. Prevents mixed concerns and tight coupling.

Execute tests adaptively, analyze failures, generate detailed failure reports, and iterate until tests pass. This skill should be used when running tests from a test plan, working with any language, framework, or test type (E2E, API, unit, integration, performance).