Testing & Security

Master WordPress project orchestrator - coordinates all WordPress skills for complete site setup, audit, and optimization. Use for new project setup, site audits, or comprehensive reviews. Runs interview phases and manages todo lists.

Create database seed scripts with realistic test data for development and testing. Use when setting up development environment or creating demo data.

Comprehensive API design patterns covering REST, GraphQL, gRPC, versioning, authentication, and modern API best practices

Test TUI (Text User Interface) applications using tmux. Use this skill when you need to automate testing of terminal-based applications by sending keystrokes and capturing pane output.

Efficient development testing workflow for HPC environments with VS Code tunneling. Trigger: testing code changes on HPC, development workflow with external data directories, VS Code Remote SSH development

Provides Git repository workflow guidelines including branch management, testing practices (TDD), Docker environment handling, and PR workflow. Use this skill when implementing features, fixing bugs, or making any code changes in a Git repository.

Universal security checklist and fixes for ANY project type or language

Expert performance optimization including profiling, bottleneck analysis, caching, and load testing

Testing patterns for React Native with Jest and React Native Testing Library. Use when writing tests, mocking Expo modules, testing Zustand stores, or debugging test failures.

Use when completing implementation in worktree to create review document for coordinator to route to review agent - documents what was built, test results, and suggested documentation updates

Scans Infrastructure as Code for security misconfigurations. Wraps tfsec for Terraform and Checkov for multi-cloud IaC. Use when user asks to "scan Terraform", "IaC security", "infrastructure scan", "tfsec", "checkov", "Terraformセキュリティ", "インフラスキャン".

Use when building SaaS applications needing data isolation between customers - implements owner-based filtering for secure multi-tenant document storage and search with workspace, organization, or tenant-level separation

Attack WiFi networks using WPA/WPA2 cracking, WPS exploitation, Evil Twin attacks, deauthentication, and wireless reconnaissance. Use when pentesting wireless networks or performing WiFi security assessments.

Automatically generate and run tests after each code change. Use when: any code is generated or modified in the pipeline. Triggers: internal use only.

Test MCP server connectivity and tool execution. Use when adding new MCP servers, debugging tool integration, or verifying tool availability. Supports stdio, http, and sse server types.

Security Chief - Vulnerability detection, security validation, and protection enforcement

CIPS bridge for session resumption. Enables cips resume latest, cips resume gen:N, and --fresh flags. Maintains continuity across sessions.

Automate creation of multiple audio overviews in Google NotebookLM using Playwright. Use when the user needs to generate multiple audio podcasts from web sources with different prompts or focus areas, or when batch-creating NotebookLM audio content.

Investigate GitHub security incidents using tamper-proof GitHub Archive data via BigQuery. Use when verifying repository activity claims, recovering deleted PRs/branches/tags/repos, attributing actions to actors, or reconstructing attack timelines. Provides immutable forensic evidence of all public GitHub events since 2011.

Automate code quality checks with Git hooks. Use when setting up pre-commit linting, pre-push testing, commit message validation, or automated code formatting. Supports Husky, lint-staged, ESLint, Prettier, and custom hooks for any project.