測試與安全

Creates test documentation (testing-strategy.md + tests/README.md). Establishes testing philosophy and Story-Level Test Task Pattern. L2 Worker in ln-100-documents-pipeline workflow.

This skill provides guidance for extracting secrets from vulnerable executables. It should be used when tasks involve binary analysis, reverse engineering executables to find hidden flags/secrets, or exploiting buffer overflows and other vulnerabilities to extract protected data. Applicable to CTF challenges, security research, and authorized penetration testing scenarios.

Use when refactoring code - test-preserving transformations in small steps, running tests between each change

Guidance for implementing differential cryptanalysis attacks on FEAL and similar Feistel ciphers. This skill should be used when asked to break FEAL encryption, recover cipher keys through differential attacks, or implement cryptanalysis techniques on block ciphers with weak round functions. Covers proper differential characteristic construction, not ad-hoc statistical methods.

Expert guidance for Google Kubernetes Engine (GKE) operations including cluster management, workload deployment, scaling, monitoring, troubleshooting, and optimization. Use when working with GKE clusters, Kubernetes deployments on GCP, container orchestration, or when users need help with kubectl commands, GKE networking, autoscaling, workload identity, or GKE-specific features like Autopilot, Binary Authorization, or Config Sync.

Dead code & legacy audit worker (L3). Checks unreachable code, unused imports/variables/functions, commented-out code, backward compatibility shims, deprecated patterns. Returns findings.

This skill provides guidance for generating self-signed SSL/TLS certificates using OpenSSL. Use this skill when tasks involve creating private keys, self-signed certificates, certificate signing requests (CSRs), or combined PEM files. It covers verification strategies and common pitfalls in certificate generation workflows.

Guide for Claude Agent SDK - build custom AI agents powered by Claude. Triggers on agent sdk, claude-agent-sdk, @anthropic-ai/claude-agent, build agent, programmatic agent, embed claude, custom ai agent, agent infrastructure. Covers installation, authentication providers, tool permissions, file-based configuration, and TypeScript/Python code examples.

Execute approved sprint plans with test-driven development, continuous linting, progress tracking, and pause points. Use when user says "execute sprint", "start sprint", or wants to implement an approved sprint plan.

Creates ALL task types (implementation, refactoring, test). Generates task documents from templates, validates type rules, creates in Linear, updates kanban. Invoked by orchestrators.

This skill provides guidance for recovering passwords or sensitive data from disk images, corrupted files, or forensic scenarios. Use this skill when tasked with extracting passwords from disk images, recovering deleted files containing credentials, or performing data forensics to find lost authentication information.

Guidance for setting up Git-based multi-branch deployment systems with SSH access, web servers, and automated deployment hooks. This skill should be used when configuring Git repositories that deploy to multiple environments (e.g., main/dev branches), setting up SSH authentication for Git, configuring web servers to serve content from different branches, or creating post-receive hooks for automated deployments.

Updates ALL task types (implementation/refactoring/test). Compares IDEAL plan vs existing tasks, categorizes KEEP/UPDATE/OBSOLETE/CREATE, applies changes in Linear and kanban.

This skill provides guidance for cracking 7z archive password hashes. It should be used when tasks involve extracting hashes from password-protected 7z archives, selecting appropriate cracking tools, and recovering passwords through dictionary or brute-force attacks. Applicable to password recovery, security testing, and CTF challenges involving encrypted 7z files.

Coordinates 9 specialized audit workers (security, build, architecture, code quality, dependencies, dead code, observability, concurrency, lifecycle). Researches best practices, delegates parallel audits, aggregates results into single Linear task in Epic 0.

Apple firmware and binary reverse engineering with the ipsw CLI tool. Use when analyzing iOS/macOS binaries, disassembling functions in dyld_shared_cache, dumping Objective-C headers from private frameworks, downloading IPSWs or kernelcaches, extracting entitlements, analyzing Mach-O files, or researching Apple security. Triggers on requests involving Apple RE, iOS internals, kernel analysis, KEXT extraction, or vulnerability research on Apple platforms.

Test, validate, and add new AI models to the eval suite. Use when user asks to add new models, test model access, check pricing, or update models.yml.

Comprehensive guide for building production-quality Ruby gems. Use when creating new gems, structuring gem architecture, implementing configuration patterns, setting up testing, or preparing for publishing. Covers all gem types - libraries, CLI tools, Rails engines, and API clients.

Record domain events and dispatch to inbox handlers for side effects, audit trails, and activity feeds. Use when building activity logs, syncing external services, or decoupling event creation from processing. Triggers on event recording, audit trails, activity feeds, or inbox patterns.

This skill provides guidance for XSS filter bypass tasks where the goal is to craft HTML payloads that execute JavaScript despite sanitization filters. Use this skill when tasks involve bypassing HTML sanitizers (like BeautifulSoup), exploiting parser differentials between server-side sanitizers and browsers, or security testing/CTF challenges involving XSS filter evasion.