Testing & Security

Validates PopKit security posture using concrete vulnerability patterns, automated secret scanning, and OWASP-aligned checklists

Automated code review analyzing security, performance, maintainability, and test coverage. Activated during code reviews or when conducting analysis.

Audit Axiom logs to identify and prioritize errors and warnings, research probable causes, and flag log smells. Use when user asks to check Axiom logs, analyze production errors, investigate log issues, or audit logging patterns.

note.com APIの調査を支援します。mitmproxyとPlaywrightを使用してHTTPトラフィックをキャプチャ・分析し、API動作を解明します。

Master advanced ASP.NET Core development including Entity Framework Core, authentication, testing, and enterprise patterns for production applications.

Reviews code for best practices, security vulnerabilities, and adherence to the project's style guide. It provides actionable feedback and refactoring suggestions.

Unit testing patterns with xUnit, Moq, and FluentAssertions including AAA pattern, naming conventions, mocking, and edge case coverage. Use when writing or reviewing unit tests.

Use when optimizing website performance. Run Google Lighthouse audits via MCP to measure metrics, identify bottlenecks, and iterate on improvements.

Flow Nexus authentication and user management. Use for login, registration, session management, password reset, and user account operations.

Build async APIs with FastAPI, including endpoints, dependency injection, validation, and testing. Use when creating REST APIs, web backends, or microservices.

Probitas project setup and installation. Use when initializing Probitas, setting up E2E testing, or installing probitas CLI.

測試開發流程。當用戶提到「測試」「test」「TDD」「單元測試」「Feature Test」等關鍵字時自動使用。

Automates updating mistralai_dart when Mistral AI OpenAPI spec changes. Fetches latest spec, compares against current, generates changelogs and prioritized implementation plans. Use for: (1) Checking for API updates, (2) Generating implementation plans for spec changes, (3) Creating new models/endpoints from spec, (4) Syncing local spec with upstream. Triggers: "update api", "sync openapi", "new endpoints", "api changes", "check for updates", "update spec", "api version", "fetch spec", "compare spec", "what changed in the api", "implementation plan".

Table-driven tests, mocking strategies, and comprehensive testing patterns. Use when writing tests.

Unity Catalog governance patterns, permissions models, security best practices, and policy enforcement for enterprise data governance.

Use when setting up project-specific skills via /cc:setup-project or when user requests custom skills for their codebase - analyzes project to create specialized skills that capture architecture knowledge, coding conventions, testing patterns, and deployment workflows

Structured root cause analysis methodology with three-test isolation and prevention analysis

Handling authentication and authorization in StickerNest. Use when the user asks about login, signup, auth, session, protected routes, user context, JWT, tokens, logout, or permission checks. Covers Supabase Auth, AuthContext, protected routes, and widget auth.

Guide developers through Intility's production go-live checklist for MCP servers, ensuring security compliance with the lethal trifecta rules, Intility Software Engineering Policy, and infrastructure requirements. Use when a developer is ready to deploy an MCP server to production.

Analyze and validate meta tags on web pages. Use when users ask to check meta tags, verify SEO tags, audit page titles, check Open Graph tags, verify canonical URLs, or analyze social sharing tags. Detects missing title, description issues, duplicate tags, and Open Graph problems.