Testing & Security

Execute golden tests that compare the extracted OCaml interpreter against MLIR toolchain output. Use when validating semantics implementation or debugging differences between formal semantics and MLIR behavior.

WordPress Playground for instant browser-based WordPress testing. Use for quick demos, plugin testing, or ephemeral development environments without Docker.

Generate structured prompts for frontend development tasks following established patterns. Use when the user requests prompts for wireframes, UI implementation, data binding, or routing functionality in React/Next.js projects with specific formatting requirements (Cursor rules, file paths, test-driven development).

Web research and literature search capabilities for external resources.LOAD THIS SKILL WHEN: User says "搜尋", "search", "找資料", "查詢", "檢索", "web search", "網路搜尋" | needs external documentation | research task | API reference lookup | technology comparison | wants latest information.CAPABILITIES: Technical docs (MDN, GitHub, Stack Overflow), academic papers (PubMed integration), API documentation, real-time web data via fetch_webpage, structured search results.

Identifies, categorizes, and articulates code issues with brutal honesty and quantifiable specificity. Use when reviewing code, providing feedback, performing code audits, or when user needs direct assessment of code quality.

이슈관리 보드의 전체 이슈 품질 감사. Use when (1) 중복 이슈 검토, (2) 필수 필드 누락 검토, (3) Projects 미연결 검토, (4) task 이슈 작업량 미할당 검토.

Expert in authoring Gherkin-compliant behavior specifications (Given, When, Then). Use when defining executable scenarios for feature specifications or acceptance tests.

Django framework best practices including project structure, ORM, and security.

Export Azure Logic App workflows to the local project. Checks Azure CLI authentication, confirms subscription, and exports workflow definitions, connections, and configuration for a specified Logic App.

Implements authentication with Clerk including user management, protected routes, middleware, and React components. Use when adding authentication, managing users, protecting routes, or implementing sign-in/sign-up flows.

FastAPI 0.121+ production patterns with async SQLAlchemy 2.0.44, Pydantic V2.12.4, dependency injection, and enterprise architecture. Use for REST API development.

AWS CLI v2 quick-reference for experienced developers. Covers compute (Lambda, ECS, EKS), storage (S3, DynamoDB, Aurora), networking (VPC, SSM tunneling), security (IAM, Secrets Manager), and GitHub Actions CI/CD. Use when asked to "write aws commands", "debug aws access", "set up cross-account roles", "configure aws cli", "assume role", "S3 bucket operations", or "deploy to ECS".

Create or update pytest coverage for the tic-tac-toe project, including win/draw detection, move validation, bot legality/optimality, and mixed human/bot turn flow. Use when adding or editing tests under the tests/ directory.

Review test cases for OAuth/OIDC error handling. Covers authorization endpoint errors, token endpoint errors, error response formats, HTTP status codes, and all error codes per OAuth 2.1 and OIDC Core 1.0.

Use when implementing any feature or bugfix, before writing implementation code

Standard Operating Procedure for /preview phase. Covers manual UI/UX testing on local dev server before shipping.

Implement enterprise Single Sign-On (SSO) authentication supporting multiple identity providers with JWT RS256 tokens, backwards verification, session management, and cross-system permission mapping. Use this skill when building authentication systems that integrate with multiple enterprise SSO providers or when implementing secure token validation with session verification.

Deploy Firebase Firestore security rules and indexes automatically. Use when Firestore query errors mention "requires an index", when firestore.rules or firestore.indexes.json are modified, or when user requests Firebase deployment.

Write efficient and secure database queries following best practices for SQL injection prevention, N+1 query optimization, and performance for PostgreSQL (Bun.sql, Prisma, Supabase) and Firestore. Use this skill when writing or modifying database queries, implementing data fetching logic, working with ORMs (Prisma, TypeORM, Entity Framework), using Bun.sql native driver, querying Firestore collections, or implementing caching strategies. Apply when working on service files (services/*.ts, repositories/*.ts, *Service.cs), query builder implementations, data access layers, or any code that fetches or manipulates data. This skill ensures parameterized queries to prevent SQL injection (never interpolate user input), eager loading to prevent N+1 problems, selective column fetching (no SELECT *), strategic indexing on WHERE/JOIN/ORDER BY columns, transactions for related operations, query timeouts for performance, caching expensive queries, prepared statements with Bun.sql for repeated queries, and query-driven mod

Commitlint configuration and GitHub Copilot commit message instruction templates with validation logic for conventional commit enforcement. Includes 6 required standards (conventional format, relaxed subject rules for Copilot compatibility, optional scope, Husky integration, required dependencies, Copilot instruction consistency). Use when creating or auditing commitlint.config.js and .copilot-commit-message-instructions.md files.