Testing & Security
Testing frameworks, security tools, and best practices
9063 skills in this category
exploiting-web3-smart-contracts
Audit and exploit smart contracts and Web3 applications including reentrancy, integer overflow, access control flaws, and DeFi-specific vulnerabilities. Use when testing blockchain applications or performing smart contract audits.
security-auth
Comprehensive security and authentication workflow that orchestrates security architecture, identity management, access control, and compliance implementation. Handles everything from authentication system design and authorization frameworks to security auditing and threat protection.
run-benchmark
Run and interpret the File API vs Inline benchmark for Gemini performance testing. Use when discussing performance optimization, caching strategies, or comparing document upload approaches.
template-engine
Features and safe usage patterns for the pixEngine template engine used in the repository. Use when authoring templates to ensure security and correct rendering.
google-workspace
Google Workspace integration skill. Integrates with the Docs, Sheets, Drive, Gmail, and Calendar APIs. Supports OAuth 2.0 authentication, service account setup, and automated data reads and writes.
web-app-qa
Interactive UI/visual QA workflows using Playwright MCP for test generation, accessibility audits, visual regression, and cross-browser testing
kyverno-policy-templates
Kyverno policy templates overview. 28 production-ready policies for pod security, image validation, resource limits, network security, mutation, and generation.
auto-commit
Automatically commits changes using conventional commits format (feat:, fix:, docs:, chore:, refactor:, test:, style:). Use after completing bug fixes, feature implementations, or documentation updates. Triggered automatically via Stop hook.
implementation-phase
Standard Operating Procedure for /implement phase. TDD workflow, anti-duplication checks, task execution, and continuous testing.
review
Comprehensive code review with parallel specialist sub-agents. Analyzes requirements traceability, code quality, security, performance, accessibility, test coverage, and technical debt. Produces detailed findings and calls /qa-gate for final gate decision.
webapp-testing
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.
playwright
Browser automation scripts for testing, screenshots, and web interaction. 16 scripts with persistent state.
devsecops-lookup
Looks up OWASP DevSecOps Guideline phases, security tools, and pipeline checks. Returns tool configurations, CWE mappings, and integration patterns for CI/CD security. Use when user asks about "DevSecOps", "SAST", "DAST", "SCA", "container security", "IaC security", "secret detection", "gitleaks", "semgrep", "trivy", "pipeline security", "シークレット検出", "静的解析", "動的解析", "コンテナセキュリティ", "セキュリティゲート".
subject-line-optimizer
Improve newsletter open rates through better subject lines. Use when: (1) Writing subject lines for tacosdedatos editions, (2) Analyzing why an edition had low open rates, (3) A/B testing subject line variants, (4) Reviewing subject lines before sending. Produces 5-10 variants with recommendations.
global-validation
Implement comprehensive validation using Zod schemas for type-safe validation on both client and server, with server-side validation as the security boundary (never trust client input). Use this skill when validating user inputs, creating API endpoints that accept data, implementing forms, defining data schemas, validating file uploads, creating validation middleware, implementing Firestore security rules or Supabase RLS, or writing validation rules for any user-provided data. Apply when working on API route handlers, form components with React Hook Form, validation middleware, Zod schema definitions (schemas/*.ts, validation/*.ts), Firestore security rules (firestore.rules), Supabase RLS policies, or any code that accepts external input. This skill ensures server-side validation always (client-side is for UX only), Zod for schema validation with TypeScript type inference (z.infer<typeof schema>), validation middleware factory for Express/Bun APIs, React Hook Form + zodResolver for forms, user-friendly error
adr-review
Multi-agent debate orchestration for Architecture Decision Records. Automatically triggers on ADR create/edit/delete. Coordinates architect, critic, independent-thinker, security, analyst, and high-level-advisor agents in structured debate rounds until consensus.
mode-backend-tdd
Methodological skill for Test-Driven Development in NestJS backend. This skill should be used when strict quality requirements demand tests-first approach, refactoring critical services, or building MVPs with mandatory coverage. Complements nestjs-architect skill with TDD methodology.
go-specialist
Go language consultant providing guidance on best practices, testing with testify, concurrency patterns, error handling, and technology stack recommendations. Use when answering Go questions, reviewing Go code, or advising on Go implementation approaches.
api-endpoint-tester
Expert at testing API endpoints, Supabase RPC functions, and database queries. Use when asked to test endpoints, verify API responses, check RPC functions, debug API issues, or validate data flows.
code-testing
Generate and run unit and integration tests using pytest (Python) or Jest (JavaScript) with fixtures, mocks, and async support. Use for test-driven development, code review validation, coverage verification, and regression testing. Target 80%+ code coverage. Supports pytest markers, Jest snapshots, and CI/CD integration. Triggers on "test", "TDD", "unit test", "integration test", "test coverage", "pytest", "jest".