Testing & Security

Design multi-stage CI/CD pipelines with approval gates, security checks, and deployment orchestration. Use when architecting deployment workflows, setting up continuous delivery, or implementing GitOps practices.

Test and evaluate MCP server tools in the current session. Use when auditing MCP configurations, validating tool quality, testing MCP servers, generating test cases, checking tool descriptions, or analyzing tool efficiency and redundancy.

Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks.

콘텐츠 품질 점검 규칙. 연령 등급, 태그, 형식 검사 기준 정의. content-quality-checker Agent가 참조.

Security protocols and vendor management expertise from Marcus covering emergency response codes, vendor relations, and operational safety

Use when fetching oil/gas trade flow data from Kpler. Covers authentication, trade queries, flow aggregations, entity search, vessel positions, and company fleet data.

Comprehensive code review with security, performance, and quality analysis

Information about Probitas framework. Use when asked "what is Probitas", explaining its purpose, features, or comparing with other test frameworks.

Authentication security patterns and standards for NextAuth.js v5. Use when implementing or reviewing authentication code.

Assess vulnerability severity using CVSS scoring, classify vulnerability types (CVE vs compliance), detect false positives, and prioritize remediation workflows. Use when analyzing vulnerability data, calculating risk scores, or determining remediation priority.

WHEN: Django project review, ORM queries, views/templates, admin customizationWHAT: ORM optimization + View patterns + Template security + Admin config + Migration safetyWHEN NOT: FastAPI → fastapi-reviewer, Flask → flask-reviewer, DRF API only → consider api-expert

Configure Claude Code sandbox security with file system and network isolation boundaries

Troubleshoot Datadog API authentication issues (401/403 errors), understand API keys vs app keys, and configure correct regions. Use when hitting auth errors or setting up Datadog API access.

Ecto patterns for Phoenix/Elixir apps. Covers schemas, changesets, migrations, queries, Ecto.Multi, transactions, constraints, associations, pagination, tenant partitioning, performance, and testing.

Comprehensive container security guidance including vulnerability scanning with Trivy, image hardening, secrets management, and CIS benchmark compliance. Activates when working with "container security", "image scanning", "CVE", "vulnerability", "docker security", "hardening", or "CIS benchmark".

Write strategic, minimal tests focusing on core user flows and critical paths, deferring edge cases and implementation details until dedicated testing phases. Use this skill when adding test files for features after implementation is complete, when writing unit tests for critical business logic, or when creating integration tests for primary user workflows. Use this skill when working with test files in tests/, __tests__/, specs/, or similar test directories. Use this skill when using testing frameworks like Jest, pytest, RSpec, or Vitest, when mocking external dependencies, or when deciding test coverage priorities. Use this skill when writing tests that focus on behavior rather than implementation details, keeping tests fast and maintainable.

Complete workflow for verifying bug fixes across development and Docker test environments. Provides systematic testing procedures, verification checklists, and reporting templates. Use when verifying bug fixes are complete and ready for release.

Comprehensive web application testing patterns with Playwright selectors, wait strategies, and best practices. Use when implementing E2E tests, defining reliable selectors, or establishing testing best practices for web applications.

Connect to Google Workspace services (Gmail, Docs, Sheets, Calendar, Drive, Tasks, Slides). Load when user mentions 'connect google', 'setup google', 'configure google', 'google integration', or needs to set up Google OAuth credentials.

Teaches React Testing Library patterns for React 19 components. Use when writing component tests, testing interactions, or testing with Server Actions.