Testing & Security

Use when you need to plan technical solutions that are scalable, secure, and maintainable.

AI security co-pilot for identifying, testing, and fixing vulnerabilities in LLM-powered applications.Use when: (1) Securing LLM applications or agents, (2) Generating security test suites with promptfoo,(3) Testing for prompt injection, jailbreaking, data exfiltration, (4) Hardening system prompts,(5) Compliance mapping for OWASP LLM Top 10, NIST AI RMF, CJIS, SOC2, (6) Threat modeling AI systems,(7) Analyzing security eval results, (8) Research on LLM attack/defense techniques.Triggers: "secure my LLM", "prompt injection", "jailbreak test", "AI security", "red team","system prompt hardening", "LLM vulnerability", "promptfoo", "OWASP LLM", "AI compliance".

Эксперт iOS тестирования. Используй для XCTest, UI testing и iOS test patterns.

Screenshot testing for React components with Playwright. Captures component pixels and compares to baselines. Auto-apply when editing React component stories or *.visual.spec.ts files that test UI components.

Review code changes for bugs, security, and design issues. Use when user wants to review code, check a PR, review changes, or says 'review this', 'check my code', 'PR review', or 'code review'.

Use when creating, auditing, or validating MetaSaver contracts packages. Includes Zod validation schemas, TypeScript types, barrel exports, and database type re-exports. File types: .ts, package.json, tsconfig.json.

WHEN: Coverage analysis, finding untested files, test prioritization, coverage gap identificationWHAT: Line/Branch/Function coverage + untested file list + priority by importance + improvement roadmapWHEN NOT: Test generation → test-generator, Test quality → code-reviewer

Clean Architecture and SOLID principles implementation including dependency injection, layer separation, domain-driven design, hexagonal architecture, and code quality patterns

Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing.

Complete security patterns for GitHub Actions covering action pinning, GITHUB_TOKEN permissions, third-party action risks, secret management, and runner security.

Get today's date for web searches and date-sensitive tasks. Auto-invoke before any WebSearch that includes a year (e.g., "React 2024", "Python 2025"), when searching for current documentation, latest releases, or recent information. Ensures searches use the correct current year instead of outdated dates.

Use when implementing any feature or bugfix. Write the test first, watch it fail, write minimal code to pass. Red-Green-Refactor cycle.

Build accessible user interfaces following WCAG guidelines with semantic HTML, keyboard navigation, screen reader support, and proper color contrast. Use this skill when creating or modifying UI components, implementing form inputs, adding interactive elements, working with navigation menus, creating modals or dialogs, or handling focus management. Apply when working on React component files (*.tsx, *.jsx), Shadcn/ui components, or any frontend code that users interact with. This skill ensures semantic HTML elements (nav, main, button, etc.) that convey meaning to assistive technologies, keyboard navigation with visible focus indicators (focus:ring-2 focus:ring-offset-2 in Tailwind), sufficient color contrast ratios (4.5:1 for normal text), descriptive alt text for images and meaningful labels for form inputs, screen reader testing and verification, ARIA attributes for complex components when semantic HTML isn't sufficient, logical heading structure (h1-h6 in proper order), and proper focus management in dyna

Kyverno image validation: registry allowlists, digests, signatures, and CVE scanning gates for K8s supply chain security.

バックエンド（Rust/Tauri）のテスト実装とデバッグを行います。Rustのテスト作成、cargo testの実行、テストエラーの修正、Repository/Service/Facadeレイヤーのテストなどのバックエンドテスト関連タスクに使用します。

Author high-quality assessment items (questions, prompts, tasks) aligned to learning objectives with answer keys and rubrics. Use when creating test questions, writing assessment items, or building item banks. Activates on "write assessment items", "create test questions", "develop quiz", or "author performance tasks".

Conducts comprehensive vendor security assessments. Evaluates vendor security posture, identifies risks, and generates assessment reports with recommendations.

use this skill when creating new or reviewing xunit v3 test projects using Microsoft Testing Platform (MTP) to ensure best patterns, practices, and proper configuration

Generate comprehensive network infrastructure reports including health status, performance analysis, security audits, and capacity planning recommendations.

Crack password hashes using hashcat/john, perform password spraying, brute force authentication, and execute pass-the-hash attacks. Use when cracking credentials or performing password-based attacks.