Testing & Security

Run Python code in lesson context with proper uv and venv handling for agent-spike project. Activate when user wants to run tests, demos, or CLI commands for lessons in lessons/ directories. Project-specific for agent-spike multi-agent learning.

Comprehensive Python data engineering patterns for AWS Data Lake, including PySpark, Pandas, Apache Airflow, AWS Glue, ETL pipelines, data quality, schema management, performance optimization, FastAPI services, streaming with Kafka/Kinesis, data validation with Great Expectations, testing strategies, error handling, logging, and production deployment on AWS EMR and Glue.

Playwright E2E testing patterns with chrome-devtools MCP integration.Reference for integration tests, A11y validation, and visual regression.

Email operations skill for sending, fetching, and reading emails via IMAP/SMTP.Uses curl with OpenSSL/LibreSSL for reliable TLS compatibility with Tencent Enterprise Mail and other providers.Credentials are securely stored in macOS Keychain.

Manage dependencies with npm/yarn/pnpm. Use for auditing vulnerabilities, checking outdated packages, understanding dependency trees, and upgrading packages safely.

Review and mitigate XSS risks in WebF apps (sanitize HTML, validate input, avoid unsafe string rendering). Use when the user mentions XSS, sanitize HTML, innerHTML-like rendering, user-generated HTML, or “untrusted input”.

Guide developers through CI/CD pipeline design including architecture patterns, stage design, and security considerations

Ansible Vault file naming, encryption, and template conventions for managing secrets. Covers vault_ prefix patterns, entire-file encryption patterns, template file requirements, .gitignore rules, and setup workflows for consistent secret management across environments.

Use when completing implementation, before escalating to human review, or when human checkpoint is reached - performs AI-assisted code review covering security, AI-specific issues, logic errors, and architecture to ensure humans see fresh analysis

Post-deployment validation and health check scripts for validating HTTP endpoints, APIs, MCP servers, SSL/TLS certificates, and performance metrics. Use when deploying applications, validating deployments, testing endpoints, checking SSL certificates, running performance tests, or when user mentions health checks, deployment validation, endpoint testing, performance testing, or uptime monitoring.

Searching internet for technical documentation using llms.txt standard, GitHub repositories via Repomix, and parallel exploration. Use when user needs: (1) Latest documentation for libraries/frameworks, (2) Documentation in llms.txt format, (3) GitHub repository analysis, (4) Documentation without direct llms.txt support, (5) Multiple documentation sources in parallel

Safe deployment of Polymarket trading bot with regression tests and active trade protection

Execute surgical code refactors using single, named refactoring patterns with test verification. Use only when user explicitly requests to refactor code or perform a specific refactoring pattern. Analyzes complexity, establishes test baseline, previews changes with quality checks, executes refactoring, and verifies tests still pass.

Use this when running or adding tests (compile/lint/unit/E2E), updating test utilities, or working with Playwright/visual testing in markdowntown.

Private GKE cluster setup, Workload Identity, and Shielded Nodes with Binary Authorization using Terraform.

Implement disaster recovery and backup strategies for Proxmox. Create and manage backups, test recovery procedures, and ensure business continuity for your infrastructure.

When reviewing coding test solutions. This Skill reviews coding test solutions and provides feedback. it adds an evaluation section to the README.md file in the problem-solving folder, including areas for improvement, strengths, and other application ideas based on the provided template. Use this skill when user requests "코테 리뷰", "풀이 리뷰", "리뷰 작성", "리뷰를 작성해줘", "코드 리뷰", or any similar coding test review request.

Perform comprehensive risk assessments on OSCAL systems including threat modeling, vulnerability analysis, risk scoring, and POA&M generation. Use this skill to evaluate security posture and prioritize remediation efforts.

Use GitHub CLI (gh) to interact with GitHub repositories, pull requests, issues, CI/CD workflows, and security alerts. Use when the user asks about remote repository status, workflow runs, PR/issue management, or GitHub operations.

Create, configure, and optimize GitHub Actions including action types, triggers, runners, security practices, and marketplace integration