Testing & Security
Testing frameworks, security tools, and best practices
9063 skills in this category
extract-formulas
Extract mathematical formulas (F-*) from requirements - calculations, algorithms, conversions. Enables autogeneration of calculation functions with tests. Use when requirements involve math, dates, percentages, or algorithms.
constitution-enforcer
Validates compliance with 9 Constitutional Articles and Phase -1 Gates before implementation. Trigger terms: constitution, governance, compliance, validation, constitutional compliance, Phase -1 Gates, simplicity gate, anti-abstraction gate, test-first, library-first, EARS compliance, governance validation, constitutional audit, compliance check, gate validation. Enforces all 9 Constitutional Articles with automated validation:
- Article I: Library-First Principle
- Article II: CLI Interface Mandate
- Article III: Test-First Imperative
- Article IV: EARS Requirements Format
- Article V: Traceability Mandate
- Article VI: Project Memory
- Article VII: Simplicity Gate
- Article VIII: Anti-Abstraction Gate
- Article IX: Integration-First Testing
Runs Phase -1 Gates before any implementation begins. Use when: validating project governance, checking constitutional compliance, or enforcing quality gates before implementation.
code-reviewer
Automated code review for quality, security, and best practices. LOAD THIS SKILL WHEN: User asks to "review", "check", "audit" code | mentions "PR", "pull request" | discusses "code quality", "bugs", "security" | says "幫我看", "檢查", "審查" | before git commits. CAPABILITIES: naming conventions, DRY principle, complexity analysis, SQL injection, XSS, memory leaks, test coverage.
landing-page-hot-tips
100 actionable landing page optimization tips covering design, copy, conversion, UX, testimonials, pricing, and psychology. Use when creating, reviewing, or optimizing landing pages, sales pages, product pages, or any page with a conversion goal. Based on Rob Hope's Landing Page Hot Tips.
code-tester
QA engineer and test automation specialist with deep expertise in Flutter testing. Use for designing test strategies, writing unit/widget/integration tests, improving test coverage, and ensuring code reliability.
id-token-reviewer
Review test cases for ID Token validation. Covers ID Token structure, required/conditional claims, signature validation (RS256), and all validation rules per OIDC Core 1.0 Section 2 and 3.1.3.7.
python-testing
Generate pytest tests with parametrization, shared fixtures, minimal mocking. Use for unit tests and test coverage. Follows 1-1 file mapping and real object testing.
commit-security-scan
Analyze code changes for security vulnerabilities using LLM reasoning and threat model patterns. Use for PR reviews, pre-commit checks, or branch comparisons.
cookie-scanner
Analyze website cookie consent compliance by testing consent banner behavior. Use when asked to audit cookies, check GDPR/CCPA compliance, analyze tracking, or assess consent mechanisms on websites.
barqnet-e2e
Orchestrator agent that coordinates all BarqNet specialized agents (backend, integration, client, documentation, audit, testing) to execute complete end-to-end workflows. Plans multi-agent deployments, manages task dependencies, tracks progress across all platforms, and ensures comprehensive completion. Use for complex multi-component tasks, full-stack features, or production deployments.
frontend-accessibility
Implement accessible user interfaces with semantic HTML, keyboard navigation, sufficient color contrast, screen reader support, ARIA attributes, and proper focus management. Use this skill when creating or editing React components (.tsx, .jsx files), when implementing forms with labels and inputs, when building interactive elements (buttons, modals, menus, dialogs), when implementing keyboard navigation, when choosing colors and ensuring contrast ratios, when adding ARIA attributes, when testing with screen readers, when implementing focus states and focus management, or when creating heading structures and page landmarks.
bug-bounty-methodology
Target-agnostic bug bounty hunting methodology with parallel recon, systematic testing workflows, and vulnerability-specific exploitation guidance
browser-testing-playwright
A skill for setting up and running end-to-end browser tests using Playwright. It includes guidance on project setup, the Page Object Model, user flow testing, visual regression, cross-browser configuration, and CI integration. Use this when a user wants to implement browser-based E2E testing.
oclif-patterns
Enterprise CLI patterns using oclif framework with TypeScript. Use when building oclif CLIs, creating plugins, implementing commands with flags/args, adding auto-documentation, testing CLI commands, or when user mentions oclif, enterprise CLI, TypeScript CLI, plugin system, or CLI testing.
google-gemini-embeddings
This skill provides complete coverage of Google Gemini embeddings API (gemini-embedding-001) for building RAG systems, semantic search, document clustering, and similarity matching. Use when implementing vector search with Google's embedding models, integrating with Cloudflare Vectorize, or building retrieval-augmented generation systems. Covers SDK usage (@google/genai), fetch-based Workers implementation, batch processing, 8 task types (RETRIEVAL_QUERY, RETRIEVAL_DOCUMENT, SEMANTIC_SIMILARITY, etc.), dimension optimization (128-3072), and cosine similarity calculations. Prevents 8+ embedding-specific errors including dimension mismatches, incorrect task types, rate limiting issues (100 RPM free tier), vector normalization mistakes, text truncation (2,048 token limit), and model version confusion. Includes production-ready RAG patterns with Cloudflare Vectorize integration, chunking strategies, and caching patterns. Token savings: ~60%. Production tested. Keywords: gemini embeddings, gemini-embedding-001, g
technical-seo
Final SEO audit and technical implementation. Use at the END of a project to verify all pages, implement technical SEO (sitemap.xml, robots.txt, schema), and check for ranking readiness. Triggers on "SEO audit", "final SEO check", "verify SEO", "implement technical SEO".
playwright-security-runner
Dynamic security testing of web forms using Playwright browser automation. Sends actual payloads to test for vulnerabilities. REQUIRES USER CONFIRMATION before execution. Use when user wants to "test payloads", "dynamic security test", "exploit testing", "penetration test forms".
better-auth
D1 adapter & error prevention guide for better-auth v1.4+. Use when implementing authentication with D1 databases, troubleshooting auth issues, or working with better-auth in TanStack Start or Cloudflare Workers environments.
test-specialist
This skill should be used when writing test cases, fixing bugs, analyzing code for potential issues, or improving test coverage for JavaScript/TypeScript applications. Use this for unit tests, integration tests, end-to-end tests, debugging runtime errors, logic bugs, performance issues, security vulnerabilities, and systematic code analysis.
data-contract
Create, validate, test, and manage data contracts using the Open Data Contract Specification (ODCS) and the datacontract CLI. Use when working with data contracts, ODCS specifications, data quality rules, or when the user mentions datacontract CLI or data contract workflows.