Testing & Security

Kyverno pod security policies enforcing Pod Security Standards, privilege restrictions, and security profiles for Kubernetes workloads.

Run the relevant tests for the current change and summarize results. Use in Flow 3 (Build) and optionally in Flow 4 (Gate).

Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment processing, achieving PCI compliance, or implementing payment card security measures.

Rust development standards including cargo test, clippy, and rustfmt. Use when working with Rust files, Cargo.toml, or Rust tests.

Comprehensive gap analysis framework for identifying missing capabilities, coverage, and requirements. Use for requirements vs implementation gaps, test coverage analysis, documentation gaps, security posture assessment, performance benchmarks, feature parity analysis, team capability gaps, infrastructure coverage, compliance gaps, and accessibility analysis. Includes SWOT, maturity models, and automated gap detection.

PROACTIVE skill - STOP and invoke BEFORE writing dbt SQL. Validates models against coding conventions for staging, integration, and warehouse layers. Covers naming, SQL structure, field conventions, testing, and documentation. CRITICAL - When about to write .sql files in models/, invoke this skill first, write second. Supports project-specific convention overrides and sqlfluff integration.

Automatically generate comprehensive QA test plans when user mentions testing requirements, QA needs, or asks what should be tested. Analyzes code changes and features to create structured test scenarios. Invoke when user mentions "test plan", "QA", "what to test", "testing requirements", or "test scenarios".

AI-powered PR Author Agent that transforms Observability Diff Plans into Pull Requests. Use when: (1) Generating instrumentation code from Scout Agent output, (2) Creating OTel configuration, correlation headers, lineage specs, (3) Scaffolding telemetry validation tests, (4) Creating GitHub/GitLab PRs with observability artifacts. Triggers: "generate PR from diff plan", "create instrumentation PR", "scaffold observability code", "generate OTel config", "create telemetry PR".

Complete Git version control workflow automation. USE WHEN user mentions commit, push, pull request, PR, branch, merge, rebase, stash, git status, staged files, unstaged changes, OR any version control operations. Handles conventional commits, security checks, and GitHub CLI integration.

セキュリティとコンプライアンスの規約

Generate actionable, dependency-ordered task lists from implementation plans usingSpecification-Driven Development (SDD) methodology. Use when creating executablework breakdown, task lists, or executing the /tasks command.This skill analyzes design artifacts (plan, contracts, data models, test scenarios)and generates a sequenced task list with parallel execution markers. Tasks followTDD (test-first) and contract-first principles, with clear dependencies and file paths.Triggered by: /tasks command, user request for "task list", "work breakdown","implementation steps", or "what tasks do I need to complete?".

Exploit AWS, Azure, and GCP cloud misconfigurations including S3 buckets, IAM roles, metadata services, serverless functions, and cloud-specific privilege escalation. Use when pentesting cloud environments or assessing cloud security.

Generate comprehensive implementation plans using Specification-Driven Development (SDD)methodology. Use when creating technical design, implementation roadmap, or executingthe /plan command.This skill orchestrates the plan-template.md execution flow, generating research, datamodels, API contracts, and test scenarios. It validates constitutional compliance(Library-First, Test-First, Contract-First) and prepares for task generation.Triggered by: /plan command, user request for "implementation plan", "technical design","how to implement", or "design this feature".

Autonomous software development for agents with no persistent memory. Use when building, testing, or maintaining code projects. Ensures all work is independently verifiable without context from previous sessions.

Use this skill when implementing, modifying, or fixing ANY scraper, discovery, or extraction code in the packages/scrapers directory. Triggers for tasks involving SmartDiscoveryAgent, SmartDishFinderAgent, PuppeteerFetcher, search engines, platform adapters, or related components. Orchestrates a rigorous test-driven workflow with use case definition BEFORE coding, followed by verification.

Testing patterns including pytest, unittest, mocking, fixtures, and test-driven development with extended thinking integration. Activate for test writing, coverage analysis, TDD, hypothesis-driven development, and quality assurance tasks.

Comprehensive repository initialization and scaffolding for new projects. Use when setting up a new repository from scratch with git, GitHub, CI/CD workflows, branch protection, validation checks (format, lint, type-check, tests, builds), git hooks (husky/lefthook), GitHub Actions for PR and main branch validation, automated versioning and tagging, and project-specific release workflows. Ideal for solo developers who want production-ready repository setup including (1) Git initialization with main branch, (2) GitHub repository creation and configuration, (3) Branch protection rules, (4) PR workflow with squash merging and auto-delete branches, (5) Comprehensive validation checks, (6) Git hooks for pre-commit and pre-push validation, (7) GitHub Actions CI/CD pipelines, (8) Automated releases with GitHub Releases integration.

Enable HTTPS for local development with trusted SSL certificates. Use when developers need to test SSL/TLS features, work with third-party APIs requiring HTTPS, or simulate production environments. Supports mkcert, OpenSSL, and automatic certificate trust configuration for macOS, Linux, and Windows.

MUST be loaded before working with any Skill. Covers creating, building, reviewing, assessing, checking, auditing, evaluating, updating, modifying, and improving skills. Invoke PROACTIVELY before writing or changing any SKILL.md file. Provides structure, workflows, and validation for skill development. Supports both personal skills and standalone distributable skills (GitHub repos). (user)

Generate React components following DevPortfolio patterns with automatic scaffolding. Use when asked to create components, generate UI elements, scaffold new features, or create React components. Generates TypeScript components with proper structure, translations, tests, and animations.