Testing & Security

Patterns for writing effective, maintainable tests

CI/CD pipeline failure resolution with autonomous iteration loops. Local validation → branch & PR creation → CI monitoring → iteration until green. Proven patterns for GitHub Actions, includes role-specific adaptations. Use when CI pipeline failures occur, GitHub Actions errors detected, autonomous error resolution needed, PR creation for fixes required. Triggers on ci pipeline failures, github actions errors, autonomous ci resolution, ci iteration, pr creation for errors, pipeline validation, test failures in ci, build failures in ci, continuous integration debugging.

Test-Driven Development workflow - write tests first, then implementation

UX research and design toolkit for Senior UX Designer/Researcher including data-driven persona generation, journey mapping, usability testing frameworks, and research synthesis. Use for user research, persona creation, journey mapping, and design validation.

Comprehensive testing strategy covering test pyramids, framework selection, coverage standards, test organization, mocking patterns, and CI/CD integration. Activate when planning testing approaches, setting quality gates, or establishing test standards.

WHEN: Security scan, vulnerability detection, XSS/CSRF analysis, secret exposure, OWASP Top 10WHAT: XSS/injection detection + hardcoded secrets + auth/authz issues + severity-based vulnerability listWHEN NOT: Performance → perf-analyzer, Cloud security → cloud-security-expert

Cypress E2E testing standards including framework adaptations, test organization, and best practices

Master third-party API integration in ANY language with best practices and patterns. Use when connecting to external services, handling OAuth, or implementing webhooks.

Design, optimize, and refactor AI agent systems based on Anthropic best practices and latest research. Guides you through architectural decisions with interactive questionnaire, loads current documentation, and launches specialized agent-architect for detailed analysis.

Use when mapping audit targets to appropriate config or domain agents. Analyzes file types, patterns, and content to determine which agents should audit each file/target. Returns agents[] needed for audit workflow.

Level 3 patterns - test-smart, deploy, migrate, logs, status (production systems)

Use when user requests scientific debugging, mentions being a scientist about debugging, or asks for rigorous hypothesis testing - enforces formal theory-experiment cycles with clear evidence requirements, no smoking guns or assumptions

FastAPI backend development with SQLAlchemy 2.0, Pydantic v2, and async Python. Use for API endpoints, database models, migrations, authentication, and background tasks.

Review code for Next.js 16 compliance - security patterns, caching, breaking changes. Use when reviewing Next.js code, preparing for migration, or auditing for violations.

Execute TDD workflow for user stories - spawn tester agent to write tests (RED), then coder agent to implement (GREEN). Use when executing stories in test-first discipline with parallel wave-based orchestration.

Generates .env.local file for local development environment variables. Contains developer-specific configuration like API URLs, ports, and feature flags. Gitignored for security.

Organizes E2E test screenshots from CI/CD artifacts (user-console-monorepo), backs up previous assets, and guides annotation workflow for documentation.

Assume AWS IAM role for CloudFormation operations and set temporary credentials as environment variables. Use when working with CloudFormation stacks or when authentication setup is needed before AWS CloudFormation operations.

Detects OS command injection vulnerabilities by identifying unsafe system/popen/exec calls with user-controlled input. Use when analyzing command execution, shell operations, or investigating potential command injection points.

Analyze codebases to generate optimal Claude Code Sandbox configurations. Use this skill when users need to set up sandbox security settings for their projects. This skill should be triggered when users ask about sandbox configuration, security settings, or when setting up Claude Code for a new project. It analyzes the codebase stack (Node.js, Python, Rust, Go, PHP, etc.), detects dependencies, and generates appropriate sandbox and permission settings through an interactive Q&A process.