Testing & Security

Python async/await patterns with asyncio, concurrent.futures, threading, and multiprocessing. Covers async context managers, timeouts, cancellation, common pitfalls (blocking in async, missing await, event loop issues), and choosing between async/threading/multiprocessing. Use when writing async code, debugging async issues, choosing concurrency approaches, or testing async functions.

Systematic approach to reviewing code for quality, security, and maintainability

Vitest - Modern TypeScript testing framework with Vite-native performance, ESM support, and TypeScript-first design

Parse WCAG accessibility scan reports and combine with personal accessibility testing experiences to generate compelling, evidence-based violation narratives that cite both user impact and technical violations. Generates plain-text complaint narratives suitable for demand letters, legal notices, and accessibility audit reports.

Use when implementing any feature or bugfix, before writing implementation code - write the test first, watch it fail, write minimal code to pass; ensures tests actually verify behavior by requiring failure first

Review React components for best practices, hooks usage, performance issues, accessibility, and TypeScript type safety. Use when you need to audit existing React components or provide code review feedback.

Standard Operating Procedure for /optimize phase. Covers performance benchmarking, accessibility audit, security review, and code quality checks.

Securely upload GitHub Actions secrets via gh CLI. Use when GitHub Actions workflow requires secrets or user invokes /setup-github-secrets. NEVER commits secrets.

Toolkit para interagir e testar aplicações web locais usando Chrome DevTools MCP. Suporta verificação de funcionalidade frontend, debugging de UI, captura de screenshots, análise de performance, inspeção de network e visualização de logs do console.

MUST INVOKE this skill when working with subagents, setting up agent configurations, understanding how agents work, or using delegation tools to launch specialized agents. Create, audit, and maintain AI subagents and delegation tools.

Complete guide for adding new self-hosted applications to the home-server Ansible infrastructure. Use this skill when the user wants to add a new service, create a new role, or deploy a new self-hosted application. Covers role structure, integration patterns (firewall, NGINX, SELinux, DNS), installation methods (binary, package, container), and testing procedures.

Coverage thresholds and reporting. Use when analyzing and improving test coverage.

Backup, restore, and validate golden datasets for AI/ML systems - ensuring test data integrity and preventing catastrophic data loss

Write and run Rust tests using cargo test with unit tests, integration tests, doc tests, and property-based testing. Use when writing Rust tests or setting up test infrastructure.

Browser automation with Playwright for testing and validation. Use when user asks to test a page, verify UI, take screenshots, check responsive design, fill forms, or validate web functionality. Writes and executes custom automation scripts.

Comprehensive Ruby on Rails v8.1 development guide with detailed documentation for Active Record, controllers, views, routing, testing, jobs, mailers, and more. Use when working on Rails applications, building Rails features, debugging Rails code, writing migrations, setting up associations, configuring Rails apps, or answering questions about Rails best practices and patterns.

⚡ AUTO-INVOKE when user asks: 'audit', 'investigate', 'how does X work', 'find all', 'where is', 'trace', 'understand', 'map the codebase', 'comprehensive'. MUST run BEFORE Read/Glob when planning to read 3+ files. Prevents tool familiarity bias toward native tools.

AI-Powered Security Testing Toolkit - Professional penetration testing tools with intelligent agent-empowering capabilities

Use when extracting structured data from websites using Playwright MCP tools, when handling login/authentication flows, when crawling paginated content, or when building scrapers that navigate dynamic SPAs with tabs, accordions, or React/HeadlessUI components

Pre-merge security validation detecting secrets, user-specific paths, insecure SSH configurations, and security-weakening flags