Testing & Security

从需求文档（文字、图片、PDF、DOCX）生成结构化的功能测试用例。遵循 15 字段规范，输出 Excel 文件，支持正向/异常场景、边界值、安全性测试。

Use for Phase 10 of Course OS - generating the complete production package including handoff documentation, platform-specific exports, quality audits, and launch checklists. Triggers on "/course-production", "generate package", "export course", "production handoff", or after completing Phase 9.

Simulate the tester workflow step-by-step with real ticket system. Executes test loading, running, verification, and merging with explicit ENTER/EXIT stage declarations. Use this skill to debug, understand, or manually run the tester workflow.

Slack 앱 개발 및 API 통합을 위한 포괄적인 스킬. Bolt 프레임워크, Block Kit UI, OAuth 인증, 이벤트 처리, 슬래시 커맨드, 인터랙티브 컴포넌트, 워크플로우 스텝을 지원합니다. "Slack", "슬랙", "봇", "메시지", "채널", "webhook" 키워드로 활성화.

Use when creating or editing skills, before deployment, to verify they work under pressure and resist rationalization - applies RED-GREEN-REFACTOR cycle to process documentation by running baseline without skill, writing to address failures, iterating to close loopholes

A TypeScript-first skill for generating Office documents (DOCX, XLSX, PDF) that works everywhere - Claude Code CLI, Cloudflare Workers, and browsers. Simpler and more portable than Anthropic's officia

Creates, analyzes, updates, and improves Claude Code agent skills including YAML frontmatter, allowed-tools field, progressive disclosure, and skill authoring workflows. Use when user asks how skills work, what agent skills are, explaining skill concepts, understanding SKILL.md structure, describing .md files organization, skill authoring process, asked to create a new skill, evaluate existing skills for improvements, optimize skills for AI/Claude effectiveness, suggest converting current logic into a skill, update outdated skill information, or when user mentions skill validation, best practices, supporting files, skill security, API integration, or technical architecture.

ファイル編集・コミット準備時に使用。シークレット漏洩防止チェックを実施。

Provides guidance on spec-driven, test-driven, iterative development methodology. Activated when user asks about MVP-first development, iterative workflows, TDD cycles, specification writing, or how to structure feature development.

MUST INVOKE this skill when working with SKILL.md files, authoring new skills, improving existing skills, or understanding skill structure and best practices. Create, audit, and maintain AI agent skills.

Live testing and validation of production research API for strategy optimization loops

Create the deliverable (code, documentation, tests, content) following the user's standards and best practices. Use after validation passes to actually build the work product.

Safe Python code execution using pyx CLI. Use when: running Python, executing scripts, testing code. Triggers: pyx, run python, execute code, test script. Default mode: MANIFEST_IO (file-first with manifest output).

Automates development of TogetherOS Rewards module features. Use when building reward types, implementing validation, creating UI components, writing tests, or updating Rewards documentation. Handles end-to-end implementation from entity models through API handlers to frontend components.

Comprehensive mobile app testing strategies for iOS and Android. Covers unit tests, UI tests, integration tests, performance testing, and test automation with Detox, Appium, and XCTest.

Guides writing bundler tests using itBundled/expectBundled in test/bundler/. Use when creating or modifying bundler, transpiler, or code transformation tests.

Converting backtest visualizations from bar indices/timesteps to actual datetime axes for clearer time context

Automatically find the latest portfolio CSVs, process them, and display visualizations in web browser. Use when you want a complete portfolio analysis with one command.

Generate realistic CSV data files with proper headers, data types, and configurable row counts for testing, demos, and development. Triggers on "create CSV data", "generate CSV file", "fake CSV for", "sample data CSV", "test data spreadsheet".

Escape Docker containers and exploit Kubernetes clusters using privileged containers, Docker socket access, misconfigurations, and API abuse. Use when testing container security or performing container escape.