Testing & Security

GitHub Actions and CI/CD patterns for Databricks, including automated testing, deployment, and quality gates.

Performs comprehensive security audits of codebases, identifying vulnerabilities and security best practices

Use PROACTIVELY when reviewing CLAUDE.md configurations, onboarding new projects, or before committing memory file changes. Validates against official Anthropic documentation, community best practices, and LLM context optimization research. Detects security violations, anti-patterns, and compliance issues. Not for runtime behavior testing or imported file validation.

Verify test execution by replaying trajectory and checking script coverage.Ensures tests actually happened as recorded and scripts cover all test cases.WHEN TO USE:- After tests claim to pass (verify they actually ran)- Before marking ticket complete (audit trail)- When reviewing someone else's work- User says "validate", "verify tests", "check coverage"- Periodic audit of test integrityCHECKS:1. TRAJECTORY - Steps match recorded actions2. EVIDENCE - Screenshots, logs, outputs exist3. COVERAGE - Scripts test all cases from 3-spec.md4. COMPLETENESS - All required tests have trajectory

Implements new modules, agents, or features using TDD methodology. Used when adding any new functionality to the table2image multi-agent system. Follows six-phase workflow: context loading, test writing, implementation, verification, documentation, and protocol completion.

Track prompt versions, A/B test variants, and measure prompt performance

Expert for building user stories using Test-Driven Development (TDD) with NestJS and @lenne.tech/nest-server. Implements new features by creating story tests first in tests/stories/, then uses generating-nest-servers skill to develop code until all tests pass. Ensures high code quality and security compliance. Use in projects with @lenne.tech/nest-server in package.json dependencies (supports monorepos with projects/*, packages/*, apps/* structure).

Run automated accessibility tests on URLs or HTML content using axe-core engine to WCAG 2.2 AA standards, then format findings as standardized issue reports. Use this skill when users want to test website accessibility, find WCAG violations, audit pages for accessibility issues, check if sites are accessible, analyze HTML for accessibility problems, or create accessibility issue tickets. Triggers on requests like "test accessibility", "check for WCAG violations", "audit this URL", "is this page accessible", "find accessibility issues", or "write accessibility issues".

Use when determining which repositories or files a task affects. Distinguishes between target repos (where changes happen) and reference repos (for learning patterns). Supports both standard mode returning { targets, references } and audit mode detecting specific config files to audit. Returns structured scope object.

Enterprise-grade production readiness assessment system for comprehensive codebase evaluation. Use when (1) Evaluating a GitHub repository for production deployment, (2) Conducting pre-launch security and architecture reviews, (3) Assessing technical debt and system reliability, (4) Identifying gaps, vulnerabilities, and incomplete features, (5) Generating actionable remediation plans for engineering teams, (6) Validating scalability, observability, and operational readiness, (7) Reviewing cost optimization and resource efficiency, (8) Auditing compliance with industry standards (SOC2, GDPR, HIPAA, PCI-DSS), (9) Evaluating API contracts and integration stability, (10) Assessing team knowledge transfer and documentation completeness. Performs CTO-level multi-dimensional analysis exceeding top-tier tech company standards.

あらゆる言語/スタックで潜在バグリスクを洗い出し、追加すべきテストケースを提案する。未テストのエッジケース探索や安全性確認、カバレッジ強化のテスト案提示を求められたときに使用する。

Document security research, CTF solutions, and malware analysis. Includes REPORT.md and STATUS.md templates.

Room ORM, SQLite, SharedPreferences, DataStore, encryption. Use when implementing data storage and database operations.

Delegates test pattern detection to a lightweight agent. Use when you need to understand existing test conventions without loading test files into context.

Configure and operate Midnight Network infrastructure including proof servers, indexers, and network endpoints. Use when setting up development environment, troubleshooting connections, or configuring deployments. Triggers on network, proof server, indexer, or testnet questions.

Master Docker containerization, image building, optimization, and container registry management. Learn containerization best practices and image security.

Automated code review with security, performance, and best practices analysis. Use when reviewing pull requests or analyzing code for vulnerabilities, performance issues, or maintainability concerns.

Expert guidance for creating and maintaining GitHub Actions workflows and reusable workflows with security best practices

Homeostatic sensor validating test coverage percentage and detecting requirements without tests. Calculates coverage per requirement (REQ-*) and overall. Use as quality gate or continuous coverage monitoring.

Scan project for outdated or vulnerable dependencies, enforce dependency policies, check licenses, and generate upgrade recommendations.