Testing & Security

Perform enterprise security review of the codebase

Use when building rwsdk applications with route handling, middleware, authentication guards, HTTP method routing, context sharing, and type-safe link generation - covers defineApp, route patterns, interrupters, and Documents

A test skill in a nested directory with file references

Generates comprehensive gdUnit4 test stub files for GDScript classes with structured JSON output and automated remediation support.

Comprehensive skill for working with Azure DevOps REST API across all services including Boards (work items, queries, backlogs), Repos (Git, pull requests, commits), Pipelines (builds, releases, deployments), Test Plans, Artifacts, organizations, projects, security, extensions, and more. Use when implementing Azure DevOps integrations, automating DevOps workflows, or building applications that interact with Azure DevOps services.

Comprehensive guide to Rust automated testing covering unit, integration, and documentation tests. Includes practical patterns for async testing, property-based testing with proptest, mocking strategies using traits, and essential testing tools (cargo-nextest, criterion, tarpaulin). Emphasizes FIRST principles and CI/CD integration.Use this when: setting up new Rust projects, establishing testing standards for teams, improving existing test suites, implementing TDD workflows, or learning Rust testing ecosystem best practices. Particularly valuable for projects requiring high reliability and comprehensive test coverage.

Critical reference for all Supabase database operations. Use this whenever reading from or writing to the database to ensure correct client usage (supabaseServer vs supabase), schema names, and query patterns. CRITICAL for security.

Implements Anthropic's Evaluator-Optimizer pattern where one LLM generates solutions and another provides evaluative feedback in an iterative loop. Use when quality can be demonstrably improved through articulated feedback cycles. Evaluates across 5 dimensions (functionality, performance, code quality, security, documentation) with up to 5 improvement iterations.

Reviews package dependencies for security vulnerabilities, outdated versions, and license compliance. Use when user asks about dependencies, security audits, or before releases.

E2E testing skill for Pawel Lipowczan portfolio project (Playwright + React/Vite). Use when user wants to create new E2E tests, debug flaky tests, extend test coverage, verify test completeness for features, or run/interpret test results. Covers navigation, forms, blog, SEO, accessibility (WCAG 2.1 AA), responsiveness. References docs/portfolio/testing/{README.md,TESTING_QUICKSTART.md}. Complements portfolio-code-review skill.

Use this skill when you need to start or call Chitti's MCP server (chitti.decide/recall/policy/audit) from Codex, keeping tool details out of context until invoked.

Use when implementing in-app purchases, StoreKit 2 subscriptions, consumables, non-consumables, or transaction handling. Covers testing-first workflow with .storekit configuration, StoreManager architecture, and transaction verification.

This skill should be used when building backend applications with Encore.ts, a TypeScript backend framework. Use this skill for creating APIs, managing databases, implementing authentication, handling async messaging (Pub/Sub), managing storage, scheduling tasks (cron jobs), implementing middleware, configuring CORS, managing secrets, and structuring backend services. This skill is triggered when users need to create or modify backend services, endpoints, databases, authentication systems, or any other backend infrastructure using Encore.ts.

Python testing best practices with pytest. Covers unit, integration, async tests, mocking, fixtures.Triggers: "напиши тесты", "write tests", "add tests", "test coverage", "pytest"

Web shell samples for detection and analysis: PHP, ASP, ASPX, JSP, Python, Perl shells. Use for security research and detection system testing.

Modern Rust development best practices for 2025. Use when working on Rust projects including: (1) Project setup and Cargo.toml configuration, (2) Clippy/rustfmt linting and formatting, (3) Error handling with thiserror/anyhow, (4) Async programming with Tokio, (5) Testing strategies (unit, integration, property-based), (6) CI/CD pipelines and security scanning, (7) Performance optimization and profiling, (8) Observability with tracing, (9) Unsafe code review.

Expert assistant for provisioning charm development and testing environments using concierge. Use when setting up development machines, bootstrapping Juju controllers, installing craft tools (charmcraft, snapcraft, rockcraft), or preparing test environments. Keywords include concierge, provision, development environment, Juju bootstrap, LXD, MicroK8s, K8s, craft tools, prepare, restore.

Generate Python code to call undocumented AWS APIs using SigV4 authentication from cURL requests captured in browser dev tools. This skill should be used when users need to create Python functions that call AWS internal or undocumented APIs with proper AWS Signature Version 4 authentication.

Analyze, review, and provide recommendations for distributed system designs. Use when:(1) Reviewing existing system architectures for gaps or improvements,(2) Analyzing system designs for scalability, reliability, or performance issues,(3) Providing recommendations on load balancing, caching, databases, sharding, replication, messaging, rate limiting, authentication, resilience, or monitoring,(4) Assessing trade-offs in system design decisions,(5) Creating system design review documents with gaps and recommendations.Triggers: "review my system design", "analyze this architecture", "what are the gaps", "system design recommendations", "scalability review", "reliability analysis".

Template for creating new cybersecurity skills. Provides structure and examples for skill development.