Testing & Security
Testing frameworks, security tools, and best practices
9063 skills in this category
Subcategories
security-devops
Container security, secret management, compliance, and secure infrastructure.
packaging
Package Go CLIs as minimal secure containers with distroless base images. Static binaries, non-root users, read-only filesystems for production.
optimizing-images
Lossless image optimization using ImageOptim on macOS. Use when user mentions ImageOptim, asks to optimize images, or invokes /image-optim.
better-auth
Better Auth authentication library for TypeScript. Covers session management, passkeys, social auth, and organization features. Triggers on better-auth, auth, session, passkey.
backend-developer
Senior Backend Developer with 10+ years Java and 5+ years Spring Boot experience. Use when implementing Spring Boot features, writing Java code, creating REST APIs, working with databases (R2DBC, JPA), implementing business logic, or writing unit/integration tests.
security-auditor
Security auditing with OWASP Top 10 2025 compliance and vulnerability detection
test-plan-formatting
Format concise, actionable test plans for Jira tickets using existing fptest tools and minimal MongoDB operations
scaffolding-fastapi-dapr
Build production-grade FastAPI backends with SQLModel, Dapr integration, and JWT authentication. Use when building REST APIs with Neon PostgreSQL, implementing event-driven microservices with Dapr pub/sub, scheduling jobs, or creating CRUD endpoints with JWT/JWKS verification. NOT when building simple scripts or non-microservice architectures.
tla-plus
TLA+ formal verification for modeling and verifying concurrent algorithms and distributed systems. Use when asked about: TLA+, formal verification, model checking, verify algorithm, verify spec, check invariants, race condition analysis, concurrency model, TLC, Apalache, formal spec, temporal logic, prove correctness, state machine verification, model concurrent, TOCTOU, double-check locking, create TLA spec, run TLC, explain counterexample, verify safety, liveness property, deadlock detection, formal methods. Capabilities: Create specs from templates, run TLC/Apalache, generate CI pipelines, check code-spec drift, explain counterexamples, generate tests from invariants.
ios-app-tester
Test iOS apps using AXe CLI for accessibility auditing, UI automation, and simulator control. Use when testing iOS Simulator apps, automating UI interactions, recording test videos, or auditing accessibility labels and VoiceOver support.
adb-device-testing
Use when testing Android apps on ADB-connected devices/emulators - UI automation, screenshots, location spoofing, navigation, app management. Triggers on ADB, emulator, Android testing, location mock, UI test, screenshot walkthrough.
integration-test-agent
Generates integration tests for system components and workflows
youtube-manager
Expert in managing YouTube content using YouTube Data API v3 and yt-dlp. **Use this skill whenever the user mentions 'YouTube', 'video download', 'playlist', 'YouTube videos', 'download from YouTube', or requests to list playlists, search videos, download videos, manage playlists, or any YouTube-related operations.** Handles authentication via OAuth, listing playlists (including Watch Later and Liked Videos), getting playlist items, downloading videos with yt-dlp, searching videos, getting video details, creating/deleting playlists, and adding/removing videos from playlists. (project, gitignored)
better-auth-jwt-jwks
Expert skill for implementing Better Auth with JWT tokens and JWKS (JSON Web Key Set) for secure authentication between Next.js frontend and FastAPI backend. Handles JWT token generation, verification, JWKS endpoint setup, and secure API communication. Includes setup for database integration, session management, and user isolation. Use when implementing authentication between frontend (Next.js) and backend (FastAPI) services with JWT tokens and JWKS.
test-data-generation
Test data generation patterns using Bogus, test builders, and ABP seeders. Use when: (1) creating realistic test data, (2) implementing test data seeders, (3) building test fixtures, (4) generating fake data for development.
devops-dx
GitHub/Railway housekeeping for CI env/secret management and DX maintenance. Use when setting or auditing GitHub Actions variables/secrets, syncing Railway env → GitHub, or fixing CI failures due to missing env.
tdd
Test-Driven Development workflow - write tests first, then implementation
ux-researcher-designer
UX research and design toolkit for Senior UX Designer/Researcher including data-driven persona generation, journey mapping, usability testing frameworks, and research synthesis. Use for user research, persona creation, journey mapping, and design validation.
testing-strategy
Comprehensive testing strategy covering test pyramids, framework selection, coverage standards, test organization, mocking patterns, and CI/CD integration. Activate when planning testing approaches, setting quality gates, or establishing test standards.
security-scanner
WHEN: Security scan, vulnerability detection, XSS/CSRF analysis, secret exposure, OWASP Top 10. WHAT: XSS/injection detection + hardcoded secrets + auth/authz issues + severity-based vulnerability list. WHEN NOT: Performance → perf-analyzer, Cloud security → cloud-security-expert.