Testing & Security

Implement Semantic Retrieval Optimization for AI search visibility. Use when performing SRO audits, building entity maps, designing SCN architecture, writing retrieval-optimized content, implementing schema markup, calibrating trust signals, analyzing query intent, assessing technical eligibility, or creating AI-ready content strategies. Triggers on semantic SEO, entity mapping, SCN, E-E-A-T, AI search optimization, passage engineering, knowledge graph, trust signals, or retrieval optimization requests.

Phrack magazine article analysis, binary exploitation, vulnerability research, exploit development, Use-After-Free (UAF), heap exploitation, ROP chain, GDB debugging, pwntools, memory corruption, CVE analysis, ProFTPd exploitation, Docker exploit lab, security research, educational hacking, buffer overflow, stack exploitation, shellcode development

Help write and organize tests for Python projects. Use PROACTIVELY when new code is written. Keywords: test, testing, pytest, テスト

Flower monitoring setup and configuration for Celery including real-time monitoring, authentication, custom dashboards, and Prometheus metrics integration. Use when setting up Celery monitoring, configuring Flower web UI, implementing authentication, creating custom dashboards, integrating with Prometheus, or when user mentions Flower, Celery monitoring, task monitoring, worker monitoring, or real-time metrics.

Code review criteria covering security, performance, quality standards, and issue prioritization for thorough code analysis.

Generate Content Security Policy (CSP) header configurations for web security. Triggers on "create csp header", "generate content security policy", "csp config", "security headers".

Reviews pull requests for compliance regressions. Scans code diffs for security and compliance violations, flags issues, and suggests fixes aligned with frameworks like SOC 2, ISO 27001, NIST 800-53.

Autonomous agent creation skill that generates specialized agent definitions from templates. Use when you need to create new Claude Code agents for specific tasks like code review, deployment automation, testing, documentation, security analysis, or general-purpose research. This skill automates the creation of agent definition files (.md) with proper structure, workflow instructions, and tool access patterns following Miyabi framework standards.

Execute SQL queries against Snowflake data warehouse using Python connector. Supports password, key-pair, and SSO/OAuth authentication. Use for ad-hoc queries, data extraction, and schema exploration. Output in JSON, table, or CSV format.

Bi-directional comparison workflow for config auditing. Compares what agents expect (from templates/standards) against what repositories actually have, presenting differences with remediation options. Use when agents need to audit configs, validate standards compliance, or identify mismatches between expected and actual configurations.

セキュリティ観測。認可漏れ、インジェクション、機密漏えい、暗号誤用、依存脆弱性を検出。Use when: 認証/認可実装、外部入力処理、依存更新、コミット前チェック、セキュリティレビューして、脅威分析が必要な時。

Enterprise testing framework with pytest 8.4.x, Vitest 4.x, Playwright 1.48.x, Testing Library 15.x, httpx 0.28.x, k6 load testing, and accessibility testing

Generate Cypress E2E test files and configuration for web application testing. Triggers on "create cypress test", "generate cypress config", "e2e test for", "cypress setup".

Use when implementing any feature or bugfix, before writing implementation code - write the test first, watch it fail, write minimal code to pass; ensures tests actually verify behavior by requiring failure first

Docker ignore configuration template and validation logic for optimizing Docker build contexts. Includes 5 required standards (build artifacts, development files, CI/CD and testing, logs and temporary files, root-only placement). Use when creating or auditing .dockerignore files to reduce build context size, improve performance, and ensure security.

Understanding the threat model for self-hosted GitHub Actions runners. GitHub-hosted vs self-hosted comparison and secure deployment patterns.

Next.js fullstack development guidelines for React 19 and Next.js 15+. Use when building Next.js applications with Feature-Sliced Design, TailwindCSS v4, ShadCN, Jotai, React Query, and Supabase integration. Covers file naming, component architecture, testing with Vitest/Playwright, UI/UX design patterns, and Toss frontend principles.

Write strategic, behavior-focused tests for core user flows and critical functionality using Vitest for unit tests and Playwright for end-to-end testing. Use this skill when writing test files, testing utilities, or implementing test coverage for critical paths. When working on Vitest test files (.test.ts, .spec.ts), Playwright E2E test suites, test setup and configuration files (vitest.config.ts, test-setup.ts), mock implementations for external dependencies, testing utility functions or test helpers, component test files using React Testing Library, API route test files, or integration tests for Content Collections and data fetching logic.

Use when working with Supabase database schemas, migrations, RLS policies, or PostGIS features. Enforces UUID standards, timestamp columns, and security best practices.

Implement JWT authentication with bcrypt password hashing, refresh tokens, account lockout, and password reset flow. Use when setting up authentication or login system.