Testing & Security
Testing frameworks, security tools, and best practices
9063 skills in this category
systematic-debugging
Use when encountering any bug, test failure, or unexpected behavior, before proposing fixes
senior-secops
Comprehensive SecOps skill for application security, vulnerability management, compliance, and secure development practices. Includes security scanning, vulnerability assessment, compliance checking, and security automation. Use when implementing security controls, conducting security audits, responding to vulnerabilities, or ensuring compliance requirements.
moai-domain-cloud
Enterprise-grade cloud architecture expertise with production-ready patterns for AWS (Lambda 3.13, ECS/Fargate 1.4.0, RDS, CDK 2.223.0), GCP (Cloud Run Gen2, Cloud Functions 2nd gen, Cloud SQL), Azure (Functions v4, Container Apps, AKS), and multi-cloud orchestration (Terraform 1.9.8, Pulumi 3.x, Kubernetes 1.34). Covers serverless architectures, container orchestration, multi-cloud deployments, cloud-native databases, infrastructure automation, cost optimization, security patterns, and disaster recovery for 2025 stable versions.
dbt-expert
dbt best practices for models, tests, documentation, and project organization.
tdd-workflow
Test-driven development with Result types. Red-green-refactor cycles using vitest-mock-extended, explicit deps mocking, and Result assertions.
oauth
OAuth 2.0 and OpenID Connect implementation patterns. Use when implementing authentication, authorization flows, or integrating with OAuth providers like Google, GitHub, or custom identity providers.
security-report
Generate security assessment reports in docx format with findings, risk ratings, and remediation recommendations. Use when: User asks for security audit report, vulnerability assessment document, penetration test report, or compliance gap analysis document. Keywords: security report, audit findings, vulnerability report, pentest report
iso-expert
ISO 27001 ISMS expert. Provides guidance on management system requirements, Annex A controls, certification process, and continuous improvement for information security.
exa-search
Web and code search with Exa MCP. Use for current documentation, API references, code examples, latest library info, or when the user mentions "exa", "web search", "docs", or "current API".
test-script-generate
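Writes automated test scripts for H3C network devices from New H3C Technologies Co., Ltd. Supports full-library search, iterative optimization strategies, and automatic archiving of process documents.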
managing-client-lifecycle
Manage PrismaClient lifecycle with graceful shutdown, proper disconnect timing, and logging configuration. Use when setting up application shutdown handlers, configuring logging for development or production, or implementing proper connection cleanup in Node.js servers, serverless functions, or test suites.
security-review
Security review - reviews code from the perspectives of the OWASP Top 10, injection countermeasures, authentication and session management, and security headers.
web-dev-tester
Autonomously build and test web applications using Playwright MCP server. Enables iterative development with automatic verification - make changes, run the app, visually verify, check for errors, and iterate. Use when building websites, debugging UI issues, or implementing features that need visual verification.
reviewing-code
Reviews code changes in the Nick Stack codebase, checking for tech stack patterns, security, type safety, and best practices. Use when reviewing PRs, commits, or code changes.
design-audit
Conducts comprehensive UI/UX and accessibility audits of React components and pages. Use when reviewing designs for quality, checking WCAG compliance, verifying responsive behavior, or validating color contrast. Triggers on audit requests, accessibility checks, or design reviews.
global-validation
Implement comprehensive input validation on server-side with complementary client-side validation for user experience, using allowlists, type checking, and sanitization to prevent injection attacks. Use this skill when validating user inputs, form data, API requests, file uploads, query parameters, or any external data entering the application. Apply this skill when implementing server-side validation as the primary security layer, adding client-side validation for immediate user feedback, validating data types and formats, checking ranges and required fields, sanitizing inputs to prevent SQL injection and XSS attacks, using allowlists over blocklists, providing field-specific error messages, or enforcing business rules at appropriate application layers. This skill ensures validation happens at all entry points consistently, security is never dependent on client-side checks alone, users receive helpful immediate feedback, and data integrity is maintained through multiple layers of validation.
validation-scripts
Data validation and pipeline testing utilities for ML training projects. Validates datasets, model checkpoints, training pipelines, and dependencies. Use when validating training data, checking model outputs, testing ML pipelines, verifying dependencies, debugging training failures, or ensuring data quality before training.
create-coverage-report
Generate comprehensive coverage report with requirement traceability mapping. Shows coverage per REQ-*, gaps, trends, and recommendations. Use for status dashboards, quality reviews, or compliance audits.
safe-editing
Ensures that code changes in Daylyou are small, safe, and testable.
security-audit
Analyze the codebase for security vulnerabilities, including dependency issues, improper data handling, and configuration risks.