測試與安全

Guide developers through Intility's production go-live checklist for MCP servers, ensuring security compliance with the lethal trifecta rules, Intility Software Engineering Policy, and infrastructure requirements. Use when a developer is ready to deploy an MCP server to production.

Analyze and validate meta tags on web pages. Use when users ask to check meta tags, verify SEO tags, audit page titles, check Open Graph tags, verify canonical URLs, or analyze social sharing tags. Detects missing title, description issues, duplicate tags, and Open Graph problems.

RBAC/ABAC implementation patterns, least privilege access, row-level security, column masking, and access review workflows.

Perform systematic code review following Phoenix/FAAD HMI standards and best practices. Use when reviewing pull requests, checking code quality, or validating implementations before commit. Checks MobX patterns, UI components, architecture, testing, and common pitfalls.

Use when developing BigQuery Dataform transformations, SQLX files, source declarations, or troubleshooting pipelines - enforces TDD workflow (tests first), ALWAYS use ${ref()} never hardcoded table paths, comprehensive columns:{} documentation, safety practices (--schema-suffix dev, --dry-run), proper ref() syntax, .sqlx for new declarations, no schema config in operations/tests, and architecture patterns that prevent technical debt under time pressure

Strategies and patterns for testing components through unit tests and end-to-end tests. Use when implementing tests or test infrastructure.

Use when implementing any feature or bugfix, before writing implementation code

Use when creating, auditing, or optimizing web content for search engines - routes to specialized sub-skills for content writing, keyword strategy, meta optimization, structure, authority building, snippet optimization, content planning, freshness updates, and cannibalization detection

Expert guidance for writing clean, simple, and effective unit, integration, component, microservice, and API tests. Use this skill when reviewing existing tests for violations, writing new tests, or refactoring tests. NOT for end-to-end tests that span multiple processes - use testing-e2e skill instead. Covers AAA pattern, data factories, mocking strategies, DOM testing, database testing, and assertion best practices.

Automates updating googleai_dart when Google AI OpenAPI spec changes. Fetches latest spec, compares against current, generates changelogs and prioritized implementation plans. Use for: (1) Checking for API updates, (2) Generating implementation plans for spec changes, (3) Creating new models/endpoints from spec, (4) Syncing local spec with upstream. Triggers: "update api", "sync openapi", "new endpoints", "api changes", "check for updates", "update spec", "api version", "fetch spec", "compare spec", "what changed in the api", "implementation plan".

Detects various injection vulnerabilities including SQL injection, LDAP injection, XPath injection, and code injection. Use when analyzing database queries, dynamic code generation, or investigating injection attacks.

Perform Google searches to retrieve up-to-date information from the web. Use when users need current information, latest news, technical trends, documentation lookups, or general web searches that require real-time data beyond your knowledge cutoff.

Expert in statistical analysis for blind A/B and ABX audio testing. Validates randomization, calculates statistical significance, and ensures proper experimental design. Use when implementing A/B test features or analyzing test results.

Quick reference for GitHub Actions security patterns. Copy-paste snippets for action pinning, token permissions, secrets, runners, and workflow hardening.

Use when implementing authentication - login/signup forms, session management, protected routes, or role-based access control.NOT when non-auth UI, plain data fetching, or unrelated backend logic.Triggers: "login page", "signup form", "auth setup", "protected route", "role-based access", "Better Auth", "NextAuth".

API endpoint design and testing for vehicle insurance data platform. Use when designing new API endpoints, testing existing ones, validating response formats, or debugging API issues. Covers 11 core endpoints including 3 new pie chart distribution endpoints, parameter validation, error handling, and integration patterns.

Generates technical implementation plans and architectural strategies that enforce the Project Constitution. Use when designing new features, starting implementation tasks, refactoring code, or ensuring compliance with critical standards like Testability-First Architecture, security mandates, testing strategies, and error handling.

Panduan senior/lead developer 20 tahun pengalaman untuk Vue.js 3 + Nuxt 3 + TanStack Query development. Gunakan skill ini ketika: (1) Membuat project Nuxt 3 baru dengan arsitektur production-ready, (2) Integrasi TanStack Query untuk data fetching, (3) Debugging Vue/Nuxt yang kompleks, (4) Review code untuk clean code compliance, (5) Optimisasi performa aplikasi Vue/Nuxt, (6) Setup folder structure yang scalable, (7) Mencari library terpercaya untuk Vue ecosystem, (8) Menghindari common pitfalls dan bugs, (9) Implementasi state management patterns, (10) Security hardening aplikasi Nuxt.Trigger keywords: vue, vuejs, nuxt, nuxtjs, tanstack, vue-query, composition api, pinia, vueuse, vue router, clean code vue, debugging vue, folder structure nuxt.

Calculates context-appropriate quality gate thresholds based on work type (Feature/Bug/Hotfix/Docs/Refactor). Ensures rigorous standards for features, pragmatic standards for hotfixes, and 100% test pass rate for all work.

Use this skill when writing Python code following PEP 8 and modern Python best practices. Provides comprehensive guidance on code layout, naming conventions, EAFP philosophy, type hints, exception handling, and pytest-based TDD. Covers all critical PEP 8 rules including indentation, imports, whitespace, documentation, and idiomatic Python patterns. Appropriate for any task involving .py files, Python code reviews, refactoring, or ensuring Python code quality.