Loading...
Loading...
Found 164 Skills
Performs comprehensive PR code review from 5 perspectives (quality/performance/tests/docs/security) in parallel, providing Blockers/Suggestions/Nice-to-have and merge decision. Args: /review [owner/repo] [pr-number] [--focus all|security|perf|qa|docs|types] Activates when user mentions "review", "PR確認", "コードレビュー", "マージ判定".
Local Code Review - analyzes code changes and provides structured feedback before commit
Validate production readiness of Vertex AI Agent Engine deployments across security, monitoring, performance, compliance, and best practices. Generates weighted scores (0-100%) with actionable recommendations. Use when asked to "validate deploymen... Trigger with phrases like 'validate', 'check', or 'verify'.
Use when user asks to "deep review the code", "thorough code review", "multi-pass review", or when orchestrating the Phase 9 review loop. Provides review pass definitions (code quality, security, performance, test coverage), signal detection patterns, and iteration algorithms.
In-depth code review for large PRs (>500 lines). Full analysis including architecture, performance, security, and maintainability.
Enforce secure secrets management across all platforms. Never hardcode OAuth2 secrets, API keys, tokens, passwords, or credentials in source code. Store all secrets in .env files, load from environment variables, and ensure .env is gitignored. Use this skill when: (1) writing any code that uses API keys, OAuth2 client secrets, tokens, or credentials, (2) setting up authentication or third-party integrations, (3) creating new projects that need environment configuration, (4) reviewing code for security issues related to secrets, (5) configuring CI/CD pipelines or Docker deployments with secrets. Triggers: API key, OAuth, client secret, token, credentials, .env, environment variables, secret, password, authentication setup, third-party integration.
Validate agent skills for correctness, readability, workflow clarity, and isolation, ensuring they can be installed independently without dependencies on other skills.
Systematic code analysis with evidence collection
Harden configuration and defaults for safer deployment. Use when a mid-level developer needs to reduce misconfig risks.
Verify and configure HTTP security headers (CSP, HSTS, CORS, X-Frame-Options, etc). Checks current configuration and generates framework-specific fixes.
This skill should be used when the user asks to "check for misconfigurations", "analyze security headers", "find misconfigured settings", "check CORS policy", "find debug mode", "audit server configuration", or mentions "misconfiguration" in a security context. Maps to OWASP Top 10 2021 A05: Security Misconfiguration.
This skill should be used when the user asks to "check for SSRF", "analyze server-side request forgery", "find URL fetching vulnerabilities", "check for internal network access", or mentions "SSRF", "URL fetching", "cloud metadata", "169.254.169.254", or "request forgery" in a security context. Maps to OWASP Top 10 2021 A10: Server-Side Request Forgery.