Testing & Security

Use this skill when working with Decap CMS (formerly Netlify CMS) configuration, OAuth authentication, collection setup, or editorial workflow. Triggers include CMS configuration issues, GitHub backend authentication problems, collection schema design, field widget configuration, or media library integration. Critical for Triunghi.md's headless CMS architecture.

Comprehensive Claude Code conversation analysis skill for deep-diving into CC session logs.Use when analyzing exported Claude Code conversations to understand: project patterns, error rates,command failures, security risks, session duration, tool usage, and workflow efficiency.Triggers: "analyze conversation", "CC analysis", "conversation analysis", "session review","Claude Code logs", "analyze my sessions", "review CC usage", "conversation insights","what went wrong in my session", "session forensics", "CC forensics"

Framework for developing, testing, and deploying trading strategies for prediction markets. Use when creating new strategies, implementing signals, or building backtesting logic.

Use this when you have completed some feature implementation and have written passing tests, and you are ready to create a PR.

Run dotnet test, capture failed test cases, and generate a rerun filter plus a markdown failure summary. Use when test runs fail and you need a focused rerun command or a compact failure report.

Use when encountering any bug, test failure, or unexpected behavior, before proposing fixes - four-phase framework (root cause investigation, pattern analysis, hypothesis testing, implementation) that ensures understanding before attempting solutions

Systematic development skill for H2 Tank Designer frontend and mock server. Use when building, testing, or modifying the H2 Tank Designer project. Enforces TDD, RTM-driven development, and phased validation. Ensures agent stays on track with specifications, validates against 189 requirements, and follows best practices for Next.js, React, TypeScript, and Three.js development.

Implement comprehensive security for shared library. Use when working with security audits, dependency vulnerabilities, API security, token encryption, or secure coding practices for library consumers. Library security impacts all consuming plugins.

Detects logic bypass vulnerabilities including authentication bypass, authorization bypass, and business logic flaws. Use when analyzing authentication mechanisms, access controls, or investigating security control bypasses.

Visual regression testing for web pages. Compares screenshots to detect UI changes, generates overlay images highlighting differences. Use after making frontend changes to verify visual correctness, catch unintended side effects, or validate that changes look as expected.

This skill should be used when the user asks to "write a readme", "create readme", "generate readme", "improve readme", "audit readme", "review readme", "fix readme", "readme best practices", "readme standard", "perfect readme", or mentions README quality, documentation standards, or developer experience documentation.

Use the 1Password CLI (`op`) to securely retrieve secrets. Load this skill when users ask to 'get a password from 1Password', 'retrieve a secret', 'fetch credentials from the vault', 'use op to read', or need to pass secrets to commands, environment variables, or files. CRITICAL: Never display secret values in conversation - always consume them inline with redirection or command substitution.

Collects latest tour information and travel insights for a specific destination using Perplexity API

Create, update, test, and manage Agent Skills. Use when creating new skills, debugging existing ones, or organizing skill libraries. Based on official Claude Code documentation.

Review Vitest configuration for deprecated patterns and best practices. Use when reviewing test configuration or vitest setup.

Comprehensive code review knowledge including security, performance, accessibility, and quality standards across multiple languages and frameworks

Complete workflow for implementing data services and database architecture after the Implementer Agent has completed use cases. Provides rigorous step-by-step processes for making data service tests pass through pure database implementations, RLS policy optimization, and schema design. Use when implementing data layer, configuring Row Level Security, designing database schemas, or optimizing query performance. Mandatory Context7 consultation for latest Supabase best practices.

WHEN: TypeScript code review, type safety audit, tsconfig analysis, TS migration reviewWHAT: Type safety checks + any usage audit + generic patterns + strict mode + compiler options analysisWHEN NOT: React specific → nextjs-reviewer, Node.js backend → nodejs-reviewer, General code → code-reviewer

PAI (Personal AI Infrastructure) - Your AI system core. AUTO-LOADS at session start. USE WHEN any session begins OR user asks about PAI identity, response format, stack preferences, security protocols, or delegation patterns.

Use when reviewing code for quality, design issues, implementation problems, security vulnerabilities, or architectural concerns. Apply when user asks to review code, check implementation, find issues, or audit code quality. Use proactively after implementation is complete. Also use to provide feedback to system-architect and principal-engineer on design and implementation decisions.