Testing & Security

Skill for creating and editing PHP tests following project conventions. Use when creating tests, updating test files, or refactoring tests. Applies proper structure, naming, factory usage, and Laravel/PHPUnit best practices.

Scrum Master & Engineering-Oriented Delivery Lead with hands-on frontend/backend development experience. Interprets Technical Design Documents, reviews UX/UI designs, and understands product requirements to ensure delivery clarity. Breaks features into well-scoped Scrum stories (max 3 story points, Fibonacci estimation). Stories are sliced for incremental value, minimal risk, fast feedback. For every ticket provides: clear description, explicit acceptance criteria, expected behavior, constraints, and test case expectations (happy path + edge cases). Ensures stories are implementation-ready, testable, aligned with technical/product goals. Enables team to execute efficiently while maintaining high quality and predictable velocity. Use when creating sprint stories, planning sprints, estimating work, or breaking down features into tickets.

Implement proper error handling patterns for n8n nodes using NodeApiError and NodeOperationError classes. Use this skill when writing try-catch blocks in execute methods, handling HTTP errors, validating parameters, parsing API error responses, implementing continueOnFail logic, writing actionable error messages, or handling errors in trigger nodes. Apply when working with external API calls, authentication errors, rate limiting, or any error scenarios in n8n node development.

Comprehensive Python AI/ML development expert with 10+ years experience using UV package manager. Covers PyTorch, TensorFlow, scikit-learn, transformers, langchain, pandas, numpy, OpenCV, and all major AI/ML libraries. Automatically audits projects, generates production-ready code with type hints, optimizes performance, sets up RAG pipelines, manages dependencies with UV, and ensures best practices. Use for AI/ML project setup, model training, data processing, LLM applications, computer vision, code generation, dependency management, performance optimization, and comprehensive project auditing. Excludes Tkinter and desktop UI libraries.

Next.js/TypeScriptプロジェクト向けセキュリティ診断スキル。OWASP準拠。以下の場合に使用:(1) PRレビュー時のセキュリティチェック(2) API Routes のセキュリティ検証(3) 認証・認可ロジックの確認(4) 依存パッケージの脆弱性確認(5) 環境変数・シークレット管理の確認

Implements session-based authentication with Lucia Auth library for server-side session management and cookie handling. Use when building custom authentication, session management, or when user mentions Lucia, server-side auth, or session cookies.

Guide for writing integration tests with Vitest and Testing Library. Use when testing multi-component workflows, database interactions, React components with context providers, or full user flows. Covers the Testing Trophy philosophy (integration > unit), factory patterns for test data, MSW for network mocking, async testing patterns (waitFor, findBy), and custom render with providers. Use this for tests that cross multiple modules or layers of the application.

PROACTIVELY enforce Test-Driven Development when implementing features or fixing bugs. Ensures tests are written BEFORE code. Use for new methods, services, repositories, or bug fixes. Guides RED-GREEN-REFACTOR cycle.

Automates updating anthropic_sdk_dart when Anthropic OpenAPI spec changes. Fetches latest spec, compares against current, generates changelogs and prioritized implementation plans. Use for: (1) Checking for API updates, (2) Generating implementation plans for spec changes, (3) Creating new models/endpoints from spec, (4) Syncing local spec with upstream. Triggers: "update api", "sync openapi", "new endpoints", "api changes", "check for updates", "update spec", "api version", "fetch spec", "compare spec", "what changed in the api", "implementation plan".

Review, analyze, and inspect code for Photo Map MVP project following Spring Boot, Angular 18, and shared project conventions. Check security, performance, naming, testing, and MVP scope compliance. Use when reviewing pull requests, conducting code audits, analyzing code quality, inspecting Java or TypeScript files, or ensuring quality before commits. File types: .java, .ts, .html, .xml, .properties, .css, .scss

OPA Gatekeeper policy templates overview. 20 production-ready constraint templates for pod security, image validation, RBAC, and resource governance.

Complete Behavior-Driven Development workflow coordinating SCENARIO → STEP DEFINITIONS → IMPLEMENT → REFACTOR cycle with Given/When/Then scenarios. Use when writing BDD tests or implementing features from user stories.

Use when implementing an APPROVED OpenSpec change. Read tasks.md and follow EXACTLY. Do not deviate, add features, or skip tasks. Use with test-tdd for each code task.

Test at extremes (1000x bigger/smaller, instant/year-long) to expose fundamental truths hidden at normal scales

Security audit skill for React Native applications. Use when reviewing code for vulnerabilities, detecting leaked secrets (API keys, tokens, credentials), identifying exposed personal data (PII), checking insecure storage, validating authentication flows, reviewing network security, and ensuring compliance with mobile security best practices (OWASP MASVS). Covers both JavaScript/TypeScript and native iOS/Android code.

This skill provides comprehensive automation for GitHub repository setup and configuration.It should be used when creating new projects, setting up CI/CD pipelines, configuring issuetemplates, enabling security scanning, or migrating existing projects to GitHub automation.The skill prevents 18 documented errors in GitHub Actions YAML syntax, workflow configuration,issue template structure, Dependabot setup, and CodeQL security scanning. It includes 12production-tested workflow templates, 4 issue templates, security configurations, and automationscripts for rapid project setup.Use when: setting up GitHub Actions CI/CD, creating issue/PR templates, enabling Dependabot,configuring CodeQL scanning, automating GitHub repository setup, fixing YAML syntax errors,integrating security scanning, deploying to Cloudflare Workers via GitHub Actions, orimplementing multi-framework testing matrices.Keywords: github actions, github workflow, ci/cd, issue templates, pull request templates,dependabot, codeql, se

Build accessible user interfaces following WCAG guidelines with semantic HTML, keyboard navigation, and screen reader support. When creating or modifying UI components, pages, forms, or interactive elements. When working on files that render HTML, JSX, or template markup. When implementing keyboard navigation, focus management, or ARIA attributes. When adding form inputs, buttons, links, modals, or any interactive UI elements. When ensuring color contrast, alternative text for images, or proper heading structure. When building or testing components for screen reader compatibility.

Comprehensive development guides for advanced Kailash SDK features including custom node development, MCP development, async patterns, testing strategies, production deployment, RAG systems, security patterns, monitoring, and SDK internals. Use when asking about 'development guide', 'advanced features', 'custom node development', 'async node development', 'MCP development', 'production deployment', 'testing strategies', 'RAG implementation', 'security patterns', 'monitoring setup', 'circuit breaker', 'compliance', 'edge computing', or 'SDK internals'.

Generates three project-specific behavioral mode skills (planner, debugger, qa-tester) from project memories and bundled templates, and makes them selectable via switching-modes. Use when creating project-local agent modes for a repository.

Master REST and GraphQL API design, authentication, security, error handling, documentation, and deployment. Learn HTTP semantics, resource modeling, rate limiting, versioning strategies, and build production-grade APIs serving millions of requests.