Security

Comprehensive code review checking quality, security, and best practices. Triggers: CR, review, 審查, 檢查, check, 看一下, PR, code review, 品質.

Write and validate Firestore Security Rules following the project's multi-tenancy Blueprint pattern. Use this skill when implementing collection-level security, Blueprint membership validation, role-based permissions, and data access controls. Ensures rules validate BlueprintMember status, check permissions array, enforce data isolation, and integrate with the three-layer architecture where Security Rules are the first line of defense.

PC application security analyzer for Windows/macOS/Linux executables. Static analysis (SAST) for desktop applications including PE/ELF/Mach-O analysis, dependency scanning, SBOM generation. Integrates with cve-checker and cra-code-reviewer for CRA compliance. Triggers on: PC app analysis, Windows exe, macOS app, Linux binary, PE analysis, ELF analysis, desktop security, SBOM generation, dependency scan.

Node.js + Express + TypeScript patterns for FarmGate backend. Use when building API routes, services, middleware, or integrating with CAES authentication.

Security review with blocking authority for critical vulnerabilities

Secure-by-design architecture patterns for Kubernetes. Zero trust, defense in depth, least privilege, and fail-secure patterns with implementation examples and threat models.

Scan code changes for security vulnerabilities using STRIDE threat modeling, validate findings for exploitability, and output structured results for downstream patch generation. Supports PR review, scheduled scans, and full repository audits.

Initiate password reset for customer. Use when customer is locked out, forgot password, or wants to change their password for security.

Revisar uso de Redis reativo como cache consistente de saldo/limites, garantindo TTLs, invalidação e segurança.

Complete Sveltia CMS skill for lightweight, Git-backed content management.Sveltia is the modern successor to Decap/Netlify CMS with 5x smaller bundle (300 KB),faster GraphQL-based performance, and solves 260+ predecessor issues.Use this skill when setting up Git-based CMS for static sites (Hugo, Jekyll,11ty, Gatsby, Astro, SvelteKit, Next.js), blogs, documentation sites, marketingsites, or migrating from Decap/Netlify CMS. Framework-agnostic with first-classi18n support and mobile-friendly editing interface.Prevents 8+ common errors including OAuth authentication failures, TOML formattingissues, YAML parse errors, CORS/COOP policy problems, content not listing, scriptloading errors, image upload failures, and deployment problems. Includes completeKeywords: Sveltia CMS, Git-backed CMS, Decap CMS alternative, Netlify CMS alternative, headless CMS, static site CMS, Hugo CMS, Jekyll CMS, 11ty CMS, Gatsby CMS, Astro CMS, SvelteKit CMS, Next.js CMS, content management, visual editing, markdown CMS, YAM

Comprehensive security specialist that performs vulnerability assessments, secure code reviews, dependency audits, and provides remediation guidance following OWASP, CWE, and industry security standards

Generate and optimize PRDs, Implementation Plans, and Progress Tracking documents optimized as AI artifacts for development agents. Use when creating new feature plans, breaking down long planning docs (>800 lines), or setting up progress tracking. Supports: 1) Create PRD from feature request, 2) Create Implementation Plan from PRD with phase breakdown and subagent assignments, 3) Optimize existing plans by breaking into phase-specific files, 4) Create progress tracking with task assignments. Example: "Create a PRD for user authentication feature" or "Break down the sidebar-polish implementation plan into phase files" or "Create progress tracking for data-layer-fixes PRD".

Security-focused code review guidelines for identifying vulnerabilities

Perform comprehensive code audits on repositories or directories. Use when asked to audit code, review a codebase, analyze code quality, find bugs, check for security issues, review architecture, check SOLID/DRY compliance, or generate a code audit report. Produces well-formatted markdown reports with prioritized recommendations.

Use this skill when integrating Cloudflare Zero Trust Access authentication with Cloudflare Workers applications. Provides Hono middleware setup, manual JWT validation patterns, service token authentication, CORS handling with Access, and multi-tenant configurations. Prevents 8 common errors including CORS preflight blocking (45 min saved), key cache race conditions (20 min), missing JWT headers (30 min), and dev/prod team mismatches (15 min). Saves ~58% tokens (3,250 tokens) and 2.5 hours per implementation. Covers user authentication flows, service-to-service auth, geographic restrictions, role-based access control, and Access policy configuration.Keywords: Cloudflare Access, Zero Trust, Cloudflare Zero Trust Access, Access authentication, JWT validation, access jwt, service tokens, hono cloudflare access, hono-cloudflare-access middleware, workers authentication, protect worker routes, admin authentication, access policy, identity providers, azure ad access, google workspace access, okta access, github a

Use when you need to research, analyze, and plan technical solutions that are scalable, secure, and maintainable.

Web application security patterns including STRIDE threat modeling, OWASP Top 10 compliance, ABP authorization, and security audit procedures. Use when: (1) conducting security audits, (2) implementing authentication/authorization, (3) creating threat models, (4) reviewing code for vulnerabilities.

Production-tested integration patterns for connecting React frontends to Cloudflare Worker backendswith Hono, Clerk authentication, and D1 databases. Prevents common frontend-backend connection issues,CORS errors, auth token failures, and race conditions.Use when: connecting frontend to backend, implementing auth flow, setting up API calls,troubleshooting CORS, fixing race conditions, auth tokens not passing, frontend-backend connection errors,401 errors, integrating Clerk with Workers, setting up full-stack Cloudflare app, vite cloudflare plugin setup.Prevents: CORS errors, 401 Unauthorized, auth token mismatches, race conditions with auth loading,environment variable confusion, frontend calling wrong endpoints, JWT verification errors, D1 connection issues.Keywords: frontend backend integration, Cloudflare Workers, Hono, Clerk auth, JWT verification, CORS, React API client,race conditions, auth loading, connection issues, full-stack integration, vite plugin, @cloudflare/vite-plugin,D1 database,

Specialized agent for BarqNet backend development. Focuses on Go backend API development, PostgreSQL database management, authentication systems, JWT tokens, OpenVPN integration, and production-ready backend architecture. Use this skill when working on server-side code, API endpoints, database migrations, or backend infrastructure.

Code review and quality assurance specialist for ensuring code quality, security, and maintainability