Testing & Security

Automatically generate and run tests after each code change.Use when: any code is generated or modified in the pipeline.Triggers: internal use only.

Test MCP server connectivity and tool execution. Use when adding new MCP servers, debugging tool integration, or verifying tool availability. Supports stdio, http, and sse server types.

Security Chief - Vulnerability detection, security validation, and protection enforcement

CIPS bridge for session resumption. Enables cips resume latest, cips resume gen:N, and --fresh flags. Maintains continuity across sessions.

Automate creation of multiple audio overviews in Google NotebookLM using Playwright. Use when the user needs to generate multiple audio podcasts from web sources with different prompts or focus areas, or when batch-creating NotebookLM audio content.

Investigate GitHub security incidents using tamper-proof GitHub Archive data via BigQuery. Use when verifying repository activity claims, recovering deleted PRs/branches/tags/repos, attributing actions to actors, or reconstructing attack timelines. Provides immutable forensic evidence of all public GitHub events since 2011.

Automate code quality checks with Git hooks. Use when setting up pre-commit linting, pre-push testing, commit message validation, or automated code formatting. Supports Husky, lint-staged, ESLint, Prettier, and custom hooks for any project.

Enforce comprehensive verification and testing before declaring completion. Use when implementing features, making changes, or completing tasks. Prevents insufficient verification (FP-10).

Assists with code review by analyzing code changes for quality, best practices, security, and potential issues. Activates after implementing code features, bug fixes, or refactorings. Provides structured feedback with critical issues, suggestions, and positive highlights.

Comprehensive code review skill for TypeScript, JavaScript, Python, Swift, Kotlin, Go. Includes automated code analysis, best practice checking, security scanning, and review checklist generation. Use when reviewing pull requests, providing code feedback, identifying issues, or ensuring code quality standards.

Phase 5 of disciplined development. Validates system against originalrequirements through system testing and user acceptance testing (UAT).Uses structured stakeholder interviews to gather sign-off and tracesdefects back to research or design phases.

CodeGenAgent スキル - Claude Sonnet 4によるAI駆動コード生成。GitHub Issueの内容を解析し、TypeScriptコード・ユニットテスト・型定義を自動生成。Use when:- 新しいコードを生成する時- Issue内容からコード実装が必要な時- TypeScript/Vitestテストの自動生成が必要な時- BaseAgentパターンに従った実装が必要な時- "コード生成", "実装", "feature", "bug fix" がキーワードに含まれる時

Generic DigitalOcean droplet deployment using doctl CLI for any application type (APIs, web servers, background workers). Includes validation, deployment scripts, systemd service management, secret handling, health checks, and deployment tracking. Use when deploying Python/Node.js/any apps to droplets, managing systemd services, handling secrets securely, or when user mentions droplet deployment, doctl, systemd, or server deployment.

React Native mobile development patterns for authentication, platform-specific issues, navigation, and SDK integration. Use when debugging React Native apps, fixing iOS/Android issues, handling auth flows, or integrating native SDKs.

Test LogiDocs Certify features from customer persona perspectives. Use when the user wants to test features as a customer, get simulated feedback, review UI from user perspective, or mentions "test as Aftrac", "test as Sirius", "customer feedback", "user testing", or "persona review".

Kailash Kaizen - production-ready AI agent framework with signature-based programming, multi-agent coordination, and enterprise features. Use when asking about 'AI agents', 'agent framework', 'BaseAgent', 'multi-agent systems', 'agent coordination', 'signatures', 'agent signatures', 'RAG agents', 'vision agents', 'audio agents', 'multimodal agents', 'agent prompts', 'prompt optimization', 'chain of thought', 'ReAct pattern', 'Planning agent', 'PEV agent', 'Tree-of-Thoughts', 'pipeline patterns', 'supervisor-worker', 'router pattern', 'ensemble pattern', 'blackboard pattern', 'parallel execution', 'agent-to-agent communication', 'A2A protocol', 'streaming agents', 'agent testing', 'agent memory', 'agentic workflows', 'AgentRegistry', 'OrchestrationRuntime', 'distributed agents', 'agent registry', '100+ agents', 'capability discovery', 'fault tolerance', 'health monitoring', 'trust protocol', 'EATP', 'TrustedAgent', 'trust chains', 'secure messaging', 'enterprise trust', 'credential rotation', 'trust verificati

Create mocks using mockall and trait-based abstractions. Use when unit testing code with external dependencies.

Production-ready Express.js development covering middleware architecture, error handling, security hardening, testing strategies, and deployment patterns

Generate comprehensive test suites following the test pyramid: static analysis → unit → integration → E2E.LOAD THIS SKILL WHEN: User says "寫測試", "test", "測試", "TG", "coverage", "覆蓋率", "pytest", "unittest", "驗證" | wants test generation | asks about testing strategy | needs coverage report | code review requires tests | before release/deployment.CAPABILITIES: pytest configuration, mypy/ruff/bandit static analysis, parametrized tests, fixtures/conftest, async testing, httpx API tests, Playwright E2E, coverage reports (pytest-cov), CI integration, test data factories (factory-boy/faker).

Comprehensive guide for Test-Driven Development (TDD) methodology. Use this skill when the user asks to implement features using TDD, write tests first, follow red-green-refactor cycle, or develop code with test-first approach. Also use when user mentions TDD, unit testing workflow, or wants to refactor code with test coverage.