Testing & Security

Process a task list one sub-task at a time with pause/confirm gates, test/commit protocol, and file tracking.

Detect incorrectly installed skills and report issues.

Pre-merge security validation detecting secrets, user-specific paths, insecure SSH configurations, and security-weakening flags. Use before committing code/documentation, before creating PRs, or during QA validation. Supports automated scanning with severity-based enforcement (CRITICAL blocks merge, HIGH requires fixes).

Matrix data model verification using ASCII diagrams. Use when working with *Progressions.ts files, defineProgression(), or testing how 2D numeric grids evolve over time. Auto-apply when editing files matching *Progressions.ts or src/test-utils/ascii*.ts.

Test-Driven Development workflow for CCAGI. Red-Green-Refactor cycle with TypeScript/Node.js patterns. Use when implementing new features, fixing bugs, or writing tests.

Senior QA Engineer with 10+ years Java testing experience. Use when writing unit tests with JUnit, creating integration tests with Testcontainers, implementing API tests, following TDD methodology, or testing reactive code with StepVerifier.

AUTOMATICALLY run Codex review after writing security-sensitive code (auth, crypto, SQL) - get a second opinion from OpenAI Codex

Auto-invoke when reviewing authentication, authorization, input handling, data exposure, or any user-facing code. Enforces OWASP top 10 awareness and security-first thinking.

Test cross-browser compatibility on Chrome, Firefox, Safari, and Edge using Playwright. Use when ensuring browser compatibility or fixing browser-specific issues.

OpenAI REST API integration guide. Use when: making direct HTTP calls to OpenAI API,understanding API structure without SDK, debugging API requests, learning request/responseformats, handling errors and rate limits. Covers: authentication, Chat Completions,Embeddings, Images (DALL-E), Audio (Whisper/TTS), error handling, streaming.

A valid test skill for unit testing

Browser automation with Selenium WebDriver for Python. (project)

Use for ANY bug, test failure, or unexpected behavior. Use BEFORE proposing fixes. Four phases: investigate, analyze, hypothesize, implement. Ensures understanding before attempting solutions.

SSO integration guidance for fort-nix services. Use when adding authentication to a service, choosing an SSO mode, configuring oauth2-proxy, or troubleshooting auth issues.

This skill activates when checking for hardcoded credentials, API keys, database passwords, and other secrets in source code. Provides patterns to detect leaks, scanning strategies, and best practices for secret management across all languages.

Validate and test plugins before deployment

Playwright browser automation and E2E testing. Use for browser testing, screenshots, debugging, MCP tools, page objects, and visual verification.

Comprehensive code review expertise. Use when reviewing code, evaluating architecture, or assessing quality. Triggers on review, evaluate, assess, audit, code quality, best practices.

TDD (Test-Driven Development) skill with Mockito for Spring Boot.Guides the Red-Green-Refactor cycle for writing tests first.

Harness Platform administration including delegates, RBAC, connectors, secrets, templates, policy as code (OPA), user management, audit logs, and governance. Activate for Harness setup, administration, access control, and platform configuration.