Loading...
Loading...
Found 145 Skills
Expert ISO 27001 compliance assistant for security and compliance teams. Use this skill whenever a user asks about ISO 27001 or ISO/IEC 27001, including any of the following: gap analysis, auditing, compliance assessments, control checklists, policy writing, document generation, Statement of Applicability (SoA), risk assessment, risk registers, risk treatment plans, Annex A controls, ISMS implementation, clause requirements, certification readiness, transitioning from 2013 to 2022, control implementation guidance, incident response policies, access control policies, supplier security, or any information security management system (ISMS) topic. Trigger even if the user doesn't say "skill" — any ISO 27001 or ISMS question should use this skill.
Orchestrates multi-advisor council debates on high-impact architecture, technology, or product decisions. Dispatches 3-5 domain archetype subagents (pragmatic-engineer, architect-advisor, security-advocate, product-mind, devils-advocate, the-thinker) through opening statements, tensions, position evolution, and synthesis phases. Preserves dissent and delivers actionable recommendations with captured risks. Use when evaluating trade-offs, stress-testing a PRD or tech spec, resolving dilemmas with multiple viable options, or when a decision needs diverse expert perspectives. Don't use for simple yes/no questions, factual lookups, creative brainstorming without tradeoffs, or tasks where a single expert perspective suffices.
Review a spec or concrete code changes and report evidence-backed bugs, regressions, and risks.
Analyze and explain a pull request to help review it effectively
Build strategic plans for business goals. Creates one-page briefs with core objective, key milestones, leverage points, and risks. Use when setting direction, pitching initiatives, or aligning teams around a goal.
Evaluate product bets and shape pitches using Shape Up's appetite model and Bezos's Type 1/Type 2 decision framework. Use when asked to assess a product bet, evaluate initiative risk, decide resource allocation, or shape a pitch for a new feature or project.
Challenge ideas, assumptions, and decisions by playing devil's advocate to identify weaknesses and prevent groupthink
Runs real-time safety analysis for instructions involving destructive operations, permission changes, irreversible actions, prompt injection, or compliance-sensitive operations. Evaluates risk level, destructiveness, and reversibility via backend API. Use when asked for safety check, risk assessment, security audit, destructive check, instruction audit, or Modeio safety scan. Also use proactively before executing any instruction that deletes data, modifies permissions, drops or truncates tables, deploys to production, or alters system state irreversibly. Also supports pre-install Skill Safety Assessment for third-party skill repositories via a static prompt contract.
Threat modeling using STRIDE methodology. Data flow diagrams, trust boundaries, attack surface mapping, and risk assessment. Use when analyzing system security, designing secure architectures, or conducting security reviews.
When the user wants to assess supplier risks, monitor supplier health, or develop risk mitigation strategies. Also use when the user mentions "supplier risk assessment," "supply chain risk," "business continuity," "supplier monitoring," "supply disruption," "risk scoring," "supplier financial health," or "contingency planning." For initial supplier selection, see supplier-selection. For overall supply chain risk, see risk-mitigation.
Behavioral classification, performance analysis, and trading style detection for Solana wallets
Threat modeling methodologies (STRIDE, PASTA, LINDDUN), attack tree analysis, common attack patterns (OWASP Top 10, CWE), risk assessment frameworks, and security architecture patterns