Penetration Testing

Automated security audit workflow for pre-deployment verification. Triggers when user requests security checks, vulnerability scanning, or pre-deployment audits. Use for identifying OWASP Top 10 vulnerabilities, RLS policy gaps, and exposed secrets.

Koin dependency injection framework for Kotlin. Use for Kotlin DI, Android development, Ktor backend, Compose Multiplatform, dependency injection patterns, and module definitions.

Create controller classes with dependency injection that expose clean public interfaces for use cases following clean architecture patterns.

Lead web application penetration testing coordinator that orchestrates comprehensive security assessments by spawning specialized vulnerability testing subagents. Delegates all vulnerability testing to specialized subagents in .claude/agents directory.

Use this skill when helping write content for tacosdedatos newsletter/blog. Provides complete voice analysis, structural patterns, engagement mechanics, and writing principles for the distinctive bilingual tech-writer voice. Use for brainstorming post ideas, structuring drafts, writing posts, editing for voice authenticity, creating headlines, quality checking drafts, and generating quick outlines. Essential for maintaining the unique tacosdedatos voice that blends Spanish/English, technical depth with accessibility, vulnerability with expertise, and Mexican cultural identity with Bay Area tech culture.

Execute safe SELECT queries against MySQL/MariaDB databases with connection pooling, SQL injection prevention, and automatic result formatting. Activated when users mention "mysql", "mariadb", or need SQL database operations.

Common vulnerability patterns in Solidity and how to prevent them. Use when reviewing contracts for security issues or learning about common exploits.

Enforce the fn(args, deps) pattern: functions over classes with explicit dependency injection

FastAPI 0.121+ production patterns with async SQLAlchemy 2.0.44, Pydantic V2.12.4, dependency injection, and enterprise architecture. Use for REST API development.

Generates entrypoint.sh script for Docker container runtime environment variable injection. Replaces placeholder values in built assets with actual environment variables at container startup.

Automated code review for quality, security, and best practices.LOAD THIS SKILL WHEN: User asks to "review", "check", "audit" code | mentions "PR", "pull request" | discusses "code quality", "bugs", "security" | says "幫我看", "檢查", "審查" | before git commits.CAPABILITIES: naming conventions, DRY principle, complexity analysis, SQL injection, XSS, memory leaks, test coverage.

Implements security features following OWASP guidelines. Use when validating input, preventing XSS, adding rate limiting, verifying auth, or handling file uploads. Includes security-utils, sanitize-utils, and rate-limiter patterns.

Penetration testing for Android/PC applications. Authorized security testing using Metasploit, Drozer, Burp Suite, and custom exploits. Requires explicit authorization. Triggers on: pentest, penetration test, exploit, attack simulation, red team, security assessment, vulnerability exploitation, authorized testing.

Retrieve statistical and entity data from Google Data Commons about places, demographics, economics, health, education, climate, and other societal topics. For example, population/unemployment/social vulnerability index, etc. This skill provides a way to get DCIDs from place names.

Looks up OWASP Top 10 attack methods, CWE references, and form-specific vulnerability patterns with a bounty hunter mindset. Returns attack vectors, payloads, and payout estimates. Use when user asks about "XSS", "SQL injection", "CSRF", "OWASP", "CWE", "IDOR", "injection", "bypass", "vulnerability", "exploit", "SQLインジェクション", "クロスサイトスクリプティング", "脆弱性".

Use BEFORE implementing any new domain/feature to ensure proper layered architecture with dependency injection. Prevents mixed concerns and tight coupling.

Advanced FastAPI patterns including hierarchical dependency injection, background task management, and type-safe dependency annotation. Triggers: fastapi, dependency-injection, background-tasks, annotated-dependency, permission-chain.

A skill for building RESTful APIs with FastAPI. Use this skill to create a new FastAPI project with a standard project structure, including routers, models, schemas, and services. This skill provides a boilerplate project, CRUD endpoint templates, Pydantic validation examples, and guidance on dependency injection, background tasks, file uploads, and pagination. It leverages async/await for efficient I/O operations. Trigger this skill when a user wants to build a RESTful API using FastAPI, needs a starter project, or wants to learn best practices for FastAPI development.

Guide for using WebViewBridge Swift package to build WebPage (macOS 26.0+) bridges with JavaScript injection and bidirectional communication. Use when integrating WebPage with Swift, injecting JavaScript, or handling JS↔Swift messaging.

Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.