Testing & Security

Use PROACTIVELY when extracting structured data from text/images, classifying content, or formatting API responses with guaranteed schema compliance. Implements Anthropic's JSON outputs mode with Pydantic/Zod SDK integration. Covers schema design, validation, testing, and production optimization. Not for tool parameter validation or agentic workflows (use strict-tool-implementer instead).

Write focused tests for core user flows and critical paths using Pest framework, with minimal tests during development and strategic coverage at completion points. Use this skill when creating or editing test files in tests/Feature/ or tests/Unit/ directories, when writing Pest tests with descriptive names, when testing critical user workflows and business logic, when mocking external dependencies, when implementing fast unit tests, when testing behavior rather than implementation details, or when deciding what needs test coverage at feature completion.

Comprehensive Supabase expert with access to 2,616 official documentation files covering PostgreSQL database, authentication, real-time subscriptions, storage, edge functions, vector embeddings, and all platform features. Invoke when user mentions Supabase, PostgreSQL, database, auth, real-time, storage, edge functions, backend-as-a-service, or pgvector.

Эксперт CVE tracking. Используй для vulnerability management, security advisories и patch prioritization.

Statistical tests for time series stationarity (ADF, KPSS, PP tests)

Deep code review with web research to verify against latest ecosystem. Use when user says 'double check against latest', 'verify versions', 'check security', 'review against docs', or needs deep analysis beyond automatic quality hook.

Pentest Android and iOS mobile applications including APK analysis, dynamic analysis, SSL pinning bypass, root/jailbreak detection bypass, and mobile-specific vulnerabilities. Use when testing mobile app security or performing mobile pentesting.

Quality assurance and testing

Execute AI security CTF challenges across any competition platform with adaptable workflows for indirect prompt injection, jailbreaks, agent exploitation, and evidence collection with research-grounded techniques

Generate Playwright configuration files for cross-browser E2E testing. Triggers on "create playwright config", "generate playwright configuration", "playwright setup", "browser testing config".

Comprehensive architectural analysis and evaluation framework for system architecture assessment. Use for architecture pattern identification, SOLID principles evaluation, coupling/cohesion analysis, scalability assessment, performance characteristics, security architecture, data architecture, microservices vs monolith, technical debt quantification, and ADRs. Includes C4 model, 4+1 views, QAW, ATAM, architectural fitness functions, and visualization tools.

Synchronize knowledge base documentation with current codebase implementation.Performs full, incremental, or targeted audits of source code and updatescode maps, PRDs, patterns, SOPs, and user-facing docs to match reality.Use when:- After major refactors- Periodic maintenance (monthly)- Before starting new phase of work- When docs feel stale- User says "update kb", "sync docs", "audit docs"

Anti-premature-coding protocol. MANDATORY pre-coding checkpoint: execute BEFORE writing ANY code (new features, bug fixes, refactoring, optimization, tests). Use when user requests: "implement/add/fix/refactor/optimize/create feature". Prevents "coding without reading" blindspot that causes most bugs, duplicated work, and broken architectures. Forces systematic investigation via Stop→Trace→Orient→Plan before touching keyboard.

Audit an entire Canvas LMS course against the Four Learning Design Pillars (Clear Structure, Active Content, Continuous Practice, Intuitive UX). Use when users want to evaluate course quality, identify improvement areas, or prepare for course redesign. Requires canvas-mcp server for course data access. Triggers on "audit course", "course review", "evaluate my course", or Canvas course IDs/codes.

Expert en Design Systems avec approche Atomic Design industrielle. Utilisé pour structurer les fondations (couleurs, typographie, espacement, ombres), atomes, molécules et templates de manière cohérente et scalable. Invoque ce skill lors des interactions avec les designers ou pour créer/auditer un design system.

Transform SEO micro-audits into high-converting cold emails with zero jargon. Generates 2-3 email variations (customer perspective, competitor comparison, benefit-first) for e-commerce, local service, or B2B prospects. Translates technical SEO findings into business language, includes specific numbers and competitor comparisons, and positions Riflebird Agency as lean team of experts. Use when you have a completed SEO audit and need to create personalized cold outreach emails.

This skill should be used when estimating development time for Jira tickets. It provides both manual and AI-assisted estimates with T-shirt sizes, story points, and phase-by-phase time breakdowns based on task type classification, complexity scoring, and project architecture (monolithic/serverless/frontend/fullstack/mobile/test_automation).

Deep research specialist for finding GitHub repos, tools, AI models, APIs, and real data sources. Searches repositories, compares libraries, researches latest AI benchmarks, discovers APIs, locates datasets, and performs competitive analysis to accelerate development.

Kailash DataFlow - zero-config database framework with automatic model-to-node generation. Use when asking about 'database operations', 'DataFlow', 'database models', 'CRUD operations', 'bulk operations', 'database queries', 'database migrations', 'multi-tenancy', 'multi-instance', 'database transactions', 'PostgreSQL', 'MySQL', 'SQLite', 'MongoDB', 'pgvector', 'vector search', 'document database', 'RAG', 'semantic search', 'existing database', 'database performance', 'database deployment', 'database testing', or 'TDD with databases'. DataFlow is NOT an ORM - it generates 11 workflow nodes per SQL model, 8 nodes for MongoDB, and 3 nodes for vector operations.

Configure automated versioning with release-please. Set up semantic versioning, changelog generation, and monorepo support using GitHub App token authentication.