測試與安全

Test coverage analysis to ensure adequate testing, Storybook coverage, and test quality.

Dependency health analysis to detect outdated packages and unused dependencies.

Use when setting up monitoring systems, logging, metrics, tracing, or alerting. Invoke for dashboards, Prometheus/Grafana, load testing, profiling, capacity planning. Keywords: monitoring, observability, logging, metrics, tracing, alerting, Prometheus, Grafana.

Use when conducting security audits, reviewing code for vulnerabilities, or analyzing infrastructure security. Invoke for SAST scans, penetration testing, DevSecOps practices, cloud security reviews. Keywords: security review, vulnerability, SAST, audit, penetration testing, cloud security.

Use when building .NET 8 applications with minimal APIs, clean architecture, or cloud-native microservices. Invoke for Entity Framework Core, CQRS with MediatR, JWT authentication, AOT compilation. Keywords: .NET Core, .NET 8, ASP.NET Core, minimal API, EF Core, CQRS.

Analyzes events through political science lens using IR theory (Realism, Liberalism, Constructivism), comparative politics, institutional analysis, and power dynamics. Provides insights on governance, security, regime change, international cooperation, and policy outcomes. Use when: Political events, international crises, elections, regime transitions, policy changes, conflicts. Evaluates: Power distributions, institutional effects, actor interests, strategic interactions, norms.

Use when writing E2E tests with Playwright, setting up test infrastructure, or debugging flaky browser tests. Invoke for browser automation, E2E tests, Page Object Model, test flakiness, visual testing. Keywords: Playwright, E2E, browser testing, automation, Page Object.

Architecture dependency analysis to ensure proper feature isolation and composition root pattern.

API authentication patterns including JWT, OAuth 2.0, API keys, and session-based auth. Covers token generation, validation, refresh strategies, security best practices, and when to use each pattern. Use when implementing API authentication, choosing auth strategy, securing endpoints, or debugging auth issues. Prevents common vulnerabilities like token theft, replay attacks, and insecure storage.

Comprehensive codebase quality audit with parallel agent orchestration, GitHub issue creation, automated PR generation per issue, and PM-prioritized recommendations. Use for code review, refactoring audits, technical debt analysis, module quality assessment, or codebase health checks.

Launch Baldur's Gate 3 through Steam on macOS and load saved games using macos-automator and peekaboo MCP servers. Designed for testing bg3se-macos (Script Extender) development. Use when: (1) launching BG3 from Steam, (2) loading a BG3 saved game, (3) testing SE mod injection, (4) user asks to "start BG3", "load my BG3 save", "play Baldur's Gate", "test the script extender". Requires macos-automator and peekaboo MCP servers installed with accessibility permissions.

Analyzes events through cybersecurity lens using threat modeling, attack surface analysis, defense-in-depth, zero-trust architecture, and risk-based frameworks (CIA triad, STRIDE, MITRE ATT&CK). Provides insights on vulnerabilities, attack vectors, defense strategies, incident response, and security posture. Use when: Security incidents, vulnerability assessments, threat analysis, security architecture, compliance. Evaluates: Confidentiality, integrity, availability, threat actors, attack patterns, controls, residual risk.

Stripe payment integration patterns. Use when implementing payment flows, handling webhooks, or working with subscriptions. Routes to existing patterns and provides evidence templates for payment testing.

Modern security standards including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection

Validates test suite quality through mutation testing. Generates intelligent code mutations, runs tests to verify they catch the changes, and identifies gaps in test coverage. Use when evaluating test effectiveness, validating newly written tests, or improving test quality for mission-critical code.

React frontend standards covering hooks (useState, useEffect, useContext, custom hooks), state management (Context API, Redux, Zustand), performance optimization (memoization, lazy loading, code splitting), testing with React Testing Library, and accessibility (WCAG 2.1, ARIA) for modern SPAs

Skill-Loader standards and best practices for Skill Loader. Includes implementation guidelines, common patterns, and testing strategies.

Essential patterns for reliable shell scripts - portable shebangs, error handling, quoting rules, functions, testing with Bats, and ShellCheck integration.

Kubernetes standards for container orchestration, deployments, services, ingress, ConfigMaps, Secrets, and security policies. Covers production-ready configurations, monitoring, and best practices for cloud-native applications.

Use when implementing auth, file uploads, payments, or external APIs. Applies STRIDE framework systematically. Triggers: "authentication", "file upload", "payment", "multi-tenant", "external API". If thinking "I know security" - use this anyway.