測試與安全

This skill should be used when developing Holochain hApps, setting up development environments, creating zomes, implementing hREA integration, or writing multi-agent tests with Tryorama

RLS validation, security audits, OWASP compliance, and vulnerability scanning. Use when validating RLS policies, auditing API routes, or scanning for security issues.

Write production-ready CEL (Common Expression Language) code for Kubernetes ValidatingAdmissionPolicies, CRD validation rules, and security policies. Use when users need to create admission policies, validate Kubernetes resources, enforce security constraints, or write CEL expressions for Kubernetes.

Integration testing standards for API testing, database testing, and service-to-service communication. Covers test containers, Docker Compose, API mocking, and contract testing for reliable integration suites.

Use when automating browsers, testing pages, taking screenshots, checking UI, verifying login flows, or testing responsive behavior

Validates test suite quality through mutation testing. Generates intelligent code mutations, runs tests to verify they catch the changes, and identifies gaps in test coverage. Use when evaluating test effectiveness, validating newly written tests, or improving test quality for mission-critical code.

React frontend standards covering hooks (useState, useEffect, useContext, custom hooks), state management (Context API, Redux, Zustand), performance optimization (memoization, lazy loading, code splitting), testing with React Testing Library, and accessibility (WCAG 2.1, ARIA) for modern SPAs

Skill-Loader standards and best practices for Skill Loader. Includes implementation guidelines, common patterns, and testing strategies.

Essential patterns for reliable shell scripts - portable shebangs, error handling, quoting rules, functions, testing with Bats, and ShellCheck integration.

Kubernetes standards for container orchestration, deployments, services, ingress, ConfigMaps, Secrets, and security policies. Covers production-ready configurations, monitoring, and best practices for cloud-native applications.

Use when implementing auth, file uploads, payments, or external APIs. Applies STRIDE framework systematically. Triggers: "authentication", "file upload", "payment", "multi-tenant", "external API". If thinking "I know security" - use this anyway.

Python coding standards following PEP 8, type hints, testing best practices, and modern Python patterns. Use for Python projects requiring clean, maintainable, production-ready code with comprehensive testing.

Guidance and guardrails for secure account recovery workflows including identity verification and password reset.

Verify compliance with OWASP Top 10 2021 security standards. Use when performing OWASP compliance checks and security certification.

Provides a consistent, reproducible workflow for creating, updating, and maintaining screenshots in the Auth0 docs-v2 monorepo. Use when capturing or modifying screenshots for Mintlify pages, Auth0 Dashboard interfaces, or UI surfaces within main, auth4genai, or ui. Ensures correct formatting, accessibility, alt text, paths, viewport, file size, cropping rules, and Playwright MCP usage.

Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.

Build evaluation frameworks for agent systems. Use when testing agent performance, validating context engineering choices, or measuring improvements over time.

Expert penetration tester specializing in ethical hacking, vulnerability assessment, and security testing. Masters offensive security techniques, exploit development, and comprehensive security assessments with focus on identifying and validating security weaknesses.

Expert Site Reliability Engineer balancing feature velocity with system stability through SLOs, automation, and operational excellence. Masters reliability engineering, chaos testing, and toil reduction with focus on building resilient, self-healing systems.

Validate Rust code quality with rustfmt, clippy, cargo check, and security analysis. Use for Rust codebases to ensure idiomatic Rust code and best practices.