測試與安全

A test skill in a nested directory with file references

Generates comprehensive gdUnit4 test stub files for GDScript classes with structured JSON output and automated remediation support.

Comprehensive skill for working with Azure DevOps REST API across all services including Boards (work items, queries, backlogs), Repos (Git, pull requests, commits), Pipelines (builds, releases, deployments), Test Plans, Artifacts, organizations, projects, security, extensions, and more. Use when implementing Azure DevOps integrations, automating DevOps workflows, or building applications that interact with Azure DevOps services.

Comprehensive guide to Rust automated testing covering unit, integration, and documentation tests. Includes practical patterns for async testing, property-based testing with proptest, mocking strategies using traits, and essential testing tools (cargo-nextest, criterion, tarpaulin). Emphasizes FIRST principles and CI/CD integration.Use this when: setting up new Rust projects, establishing testing standards for teams, improving existing test suites, implementing TDD workflows, or learning Rust testing ecosystem best practices. Particularly valuable for projects requiring high reliability and comprehensive test coverage.

Critical reference for all Supabase database operations. Use this whenever reading from or writing to the database to ensure correct client usage (supabaseServer vs supabase), schema names, and query patterns. CRITICAL for security.

Implements Anthropic's Evaluator-Optimizer pattern where one LLM generates solutions and another provides evaluative feedback in an iterative loop. Use when quality can be demonstrably improved through articulated feedback cycles. Evaluates across 5 dimensions (functionality, performance, code quality, security, documentation) with up to 5 improvement iterations.

Reviews package dependencies for security vulnerabilities, outdated versions, and license compliance. Use when user asks about dependencies, security audits, or before releases.

Use when reviewing authentication or authorization code. Provides comprehensive security guidance on JWT validation, token exchange, OAuth 2.0/2.1 compliance, PKCE, Resource Indicators, MCP authorization, session management, and API authentication. Covers critical vulnerabilities including token forwarding, audience validation, algorithm confusion, confused deputy attacks, and authentication bypass. Invoke when analyzing any authentication, authorization, or access control code changes.

Explain code like teaching a junior dev on day 1. Forces detailed analysis to catch hidden bugs, edge cases, security issues, and performance problems.

Comprehensive testing skill for GabeDA application - designs test strategies (UAT, integration, smoke, unit), creates tests for frontend (React/Playwright) and backend (Django/pytest), executes tests, analyzes results, and generates detailed reports with findings. Stores reports in ai/testing/ and tests in appropriate project folders.

Generate phased implementation plans from requirements and UI wireframes. Use when the user provides requirements documents and/or UI wireframes and wants to create a detailed, phased implementation plan. Triggers on requests like "create implementation plan", "plan the implementation", or when asked to design an implementation approach for a project with existing requirements. Produces description-only plans (no code) with clear phases, dependencies, and testing checklists.

Compiles production-ready EU grant proposals from EU Grant Hunter briefs,UBOS narrative banks, partner commitments, and budget templates. Reuses theproven 1,850:1 ROI methodology that secured €6M Xylella funding. Coordinatesthe full assembly workflow: intelligence gathering, narrative compilation,budget construction, partner onboarding, compliance checks, quality scoring,and final packaging (PDF/LaTeX). Target score: ≥4.6/5 (Horizon 13.8/15). Usewhen preparing submissions, tracking proposal status, or managing consortiumdeliverables.

Convex backend patterns with security, validation, and performance best practices

Use when gh CLI is not installed, not configured, or authentication fails - provides installation steps, authentication methods, and troubleshooting for all platforms

Phase 4 of disciplined development. Verifies implementation against designthrough unit and integration testing. Builds traceability matrices, trackscoverage, and loops defects back to originating left-side phases.

Enforce the fn(args, deps) pattern: functions over classes with explicit dependency injection

Browser testing and debugging with Playwright. QA testing, screenshots, form interactions, console errors, network analysis, performance profiling. Batch scripting for multiple actions per turn.

Use when sending Discord messages or encountering bot permission errors - provides three-tier integration methods with automatic fallback (MCP → REST API → Gateway); prevents wasted time on OAuth scope issues

Security best practices for Dokploy templates: secrets management, network isolation, least privilege, image security, and hardening recommendations.

Scans containers and Dockerfiles for security issues. Wraps Hadolint for Dockerfile linting and Trivy for container image scanning. Use when user asks to "scan Dockerfile", "lint Dockerfile", "container security", "image scan", "Dockerセキュリティ", "コンテナスキャン".