Loading...
Loading...
Found 2,588 Skills
The Fifteen-Factor App methodology for modern cloud-native SaaS applications. This skill should be automatically invoked when planning SaaS tools, product software architecture, microservices design, PRPs/PRDs, or cloud-native application development. Extends the original Twelve-Factor App principles with three additional factors (API First, Telemetry, Security). Trigger keywords include "fifteen factor", "12 factor", "SaaS architecture", "cloud-native design", "application architecture", "microservices best practices", or when in a planning/architecture session.
Refactor Kubernetes configurations to improve security, reliability, and maintainability. This skill applies defense-in-depth security principles, proper resource constraints, and GitOps patterns using Kustomize or Helm. It addresses containers running as root, missing health probes, hardcoded configs, and duplicate YAML across environments. Apply when you notice security vulnerabilities, missing Pod Disruption Budgets, or :latest image tags in production.
Apply Convex database best practices for cost optimization, performance, security, and architecture. Use when: building Convex backends, optimizing queries, handling embeddings/vector search, reviewing Convex code, designing schemas, planning migrations, or discussing Convex architecture. Keywords: Convex, real-time database, queries, mutations, actions, indexes, pagination, vector search, embeddings, schema, migrations, ctx.auth, convex-helpers, bandwidth.
Security patterns for LLM integrations including prompt injection defense and hallucination prevention. Use when implementing context separation, validating LLM outputs, or protecting against prompt injection attacks.
Check dependencies for known vulnerabilities using npm audit, pip-audit, etc. Use when package.json or requirements.txt changes, or before deployments. Alerts on vulnerable dependencies. Triggers on dependency file changes, deployment prep, security mentions.
Static analysis security vulnerability scanner for Ruby on Rails applications. Use when analyzing Rails code for security issues, running security audits, reviewing code for vulnerabilities, setting up security scanning in CI/CD, managing security warnings, or investigating specific vulnerability types (SQL injection, XSS, command injection, etc.). Also use when configuring Brakeman, reducing false positives, or integrating with automated workflows.
use this skill whenever the user wants to list and filter application security findings, discover applications and versions, and manage applications using Fortify Software Security Center (SSC). Triggers include: any mention of 'SSC', 'list vulnerabilities', 'list applications', and similar requests indicating interaction with Fortify SSC for application security tasks. OpenText Application Security is the new name for Fortify Software Security Center.
OWASP Top 10 CI/CD Security Risks - prevention, detection, and remediation for pipeline security. Use when securing or reviewing CI/CD - flow control, IAM, dependency chain, poisoned pipeline execution, PBAC, credential hygiene, system config, third-party services, artifact integrity, logging and visibility.
OWASP Top 10 for LLM Applications - prevention, detection, and remediation for LLM and GenAI security. Use when building or reviewing LLM apps - prompt injection, information disclosure, training/supply chain, poisoning, output handling, excessive agency, system prompt leakage, vectors/embeddings, misinformation, unbounded consumption.
Use when dispatching code reviews for tiers with N greater than 1 (max-20x, max-5x) in subagent-driven development, or manually for critical changes over 200 lines or security-sensitive code
Docker and Docker Compose optimization. Multi-stage builds, security, debugging.
Use when checking code quality, running security audits, testing coverage, finding violations, or setting up quality tools - supports Drupal (PHPStan, PHPMD, PHPCPD, Psalm, Semgrep, Trivy, Gitleaks via DDEV) and Next.js (ESLint, Jest, jscpd, madge, Semgrep, Trivy, Gitleaks) projects with TDD, SOLID, DRY, and OWASP security checks