Testing & Security

Create or audit requirements-to-design-to-code-to-test traceability. Builds a traceability matrix (REQ → design/ADR → implementation files → tests → evidence) and flags gaps (unimplemented requirements, untested changes, undocumented decisions). Use when you need a requirements traceability check for a PR/release, regulated/compliance work, or when requirements are drifting from implementation.

Python development for scientific computing and SciTeX projects. Includes testing, debugging, ML practices, and environment management.

pnpm workspace YAML configuration templates and validation logic for monorepo workspace patterns. Includes 5 required standards (architecture-specific patterns for consumer vs library repos, exact path matching, no missing directories, no extra patterns, alphabetical ordering). Critical distinction between consumer repos (specific paths like packages/contracts/*) and library repos (broad patterns like packages/*). Use when creating or auditing pnpm-workspace.yaml files.

Custom Hypothesis strategy patterns for property-based testing. Activated when designing test data generators or property tests.

Guide for building applications with @fpkit/acss components. This skill should be used when composing custom React components from fpkit primitives, validating CSS variable naming conventions, extending fpkit components with custom behavior, or ensuring accessibility compliance in fpkit-based applications. Use when the user needs help with component composition patterns, CSS customization, or accessibility testing. Not for developing the @fpkit/acss library itself.

Ensure Python classes include appropriate, developer-friendly dunder methods—especially __repr__ and __str__. Use when: (1) Writing or modifying Python class definitions in .py files, (2) Refactoring existing Python classes, (3) Adding or improving __repr__, __str__, or natural arithmetic/comparison/container dunders. Do NOT use for: tests, fixtures, mocks, stubs, non-Python files (YAML, JSON, TOML), auto-generated code vendor libraries, or when user explicitly asks not to modify dunders. Ignored paths: tests/, *_test.py, test_*.py, .venv/, build/, dist/, migrations/, __init__.py.

Kumo development assistant for MySQL database management tool. Use when working on Kumo features, understanding architecture, writing tests, or navigating the codebase. Helps with React components, API endpoints, database features, and Electron app development.

This skill should be used when users need to generate realistic fake/test data for recruitment systems including clients, candidates, jobs, and placements. Generates UK-focused CSV data matching ProActive People's business model with customizable record counts and industry sectors.

Maps Braiins Pool API endpoints to MCP tool implementations with proper authentication, rate limiting, retry logic, and error handling patterns.

When working with JSON data in LLM prompts (especially large arrays or tabular data), consider the token-efficient TOON (Token-Oriented Object Notation) format which reduces tokens by 30-70% while maintaining lossless JSON representation and structural validation. Use for reading/writing .toon files, converting JSON↔TOON, or optimizing structured data for LLM consumption with guardrails like [N] counts and {field} headers.

Review code changes using CodeRabbit CLI - supports uncommitted files (task mode) or all PR files vs main branch (pr mode). Catches bugs, security issues, and code quality problems before committing or when reviewing pull requests. Use when: (1) Reviewing uncommitted changes before committing (task mode), (2) Reviewing all changed files in a PR against main branch (pr mode), (3) Working on subtasks and want to check progress, (4) Need feedback on work-in-progress code, (5) Preparing PR for merge, (6) When CodeRabbit review is needed, (7) For bug detection and security scanning, or (8) For automated code quality assessment. Triggers: review code, check code quality, review changes, code review, review PR, check for bugs, security scan, review uncommitted, finalize code, pre-commit review.

Design and conduct user research to understand needs, behaviors, and experiences. Use when user wants "journey mapping", "user interviews", "survey design", "usability testing", "user research", "customer discovery", "card sorting", "information architecture", "accessibility audit", "design critique", "prototype testing", "requirements gathering", "discovery phase", "validation phase", "research planning", or needs to understand users deeply.

Write efficient, secure database queries using ORMs or raw SQL, preventing N+1 problems, SQL injection, and performance issues. Use this skill when writing database queries, implementing data access layers, creating repository patterns, or optimizing query performance in service files, query builders, or data access objects. Apply this skill when using parameterized queries, implementing eager loading to avoid N+1 queries, selecting only needed columns, adding WHERE/JOIN/ORDER BY clauses, or working with query optimization, indexes, and database performance tuning. This skill ensures queries use proper SQL injection prevention, implement transactions for data consistency, cache expensive queries appropriately, and follow best practices for query timeouts, connection pooling, and database resource management.

Expert guidance for writing high-quality pytest tests. Use when writing tests, setting up fixtures, parametrizing, mocking, or reviewing test code.

Comprehensive development workflow specialist combining TDD, debugging, performance optimization, code review, and quality assurance into unified development workflows

Use when creating new skills, editing existing skills, or verifying skills work before deployment - applies TDD to process documentation by testing with subagents before writing, iterating until bulletproof against rationalization

IT8103 Cyber Security course helper (Course ID 2262). Use when user mentions IT8103, Cyber Security, systems critique, security analysis, Assessment 2, or security solutions. Checks Canvas for requirements and modules.

Your approach to handling global validation. Use this skill when working on files where global validation comes into play.

Dependency audit and cleanup workflow for maintaining healthy project dependencies. Use for regular maintenance, security updates, and removing unused packages.

Complete ArgoCD API and CLI skill for GitOps automation. Use when working with ArgoCD for: (1) Managing Applications - create, sync, delete, rollback, get status, (2) ApplicationSets - templated multi-cluster deployments, (3) Projects - RBAC, source/destination restrictions, sync windows, (4) Repositories - add/remove Git repos, Helm charts, OCI registries, (5) Clusters - register, rotate credentials, manage multi-cluster, (6) Accounts - generate tokens, manage users, check permissions, (7) Any ArgoCD REST API calls or argocd CLI commands. Supports both REST API (curl/HTTP) and CLI wrapper approaches with bearer token authentication.