Loading...
Loading...
Found 1,934 Skills
Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization, rate limiting, input validation, and business logic. The tester uses the OWASP API Security Top 10 as the testing framework, combining Burp Suite interception with Postman collections and custom scripts to test endpoint security at every privilege level. Activates for requests involving API security testing, REST API pentest, GraphQL security assessment, or API vulnerability testing.
Review test quality and audit test coverage for any module. This skill should be used when reviewing existing tests, auditing test gaps, writing new tests, or when asked to assess test health. It pipelines testing standards into the audit workflow to produce a prioritized gap report. The output is a report, not code — do not write test implementations until the report is reviewed.
Production-grade Playwright in TypeScript: Page Object Model, fixtures, auto-waiting, user-facing locators, parallel execution, CI integration, visual testing, accessibility. Includes explicit "do not" list for AI agents and 2025-2026 feature awareness. Use when: "Playwright," "browser testing," "E2E test," "end-to-end," "page object." Related: visual-testing, ci-cd-integration, api-testing, test-reliability, accessibility-testing.
Build type-safe LLM applications with DSPy.rb — Ruby's programmatic prompt framework with signatures, modules, agents, and optimization. Use when implementing predictable AI features, creating LLM signatures and modules, configuring language model providers, building agent systems with tools, optimizing prompts, or testing LLM-powered functionality in Ruby applications.
Unix-composable CLI design patterns. Use when building CLI tools, designing command trees, implementing output layers, or testing CLI behavior. Covers stream separation (stdout/stderr), format flags (--json/--plain), exit codes, TTY detection, composability, and error design. Language-agnostic principles; TypeScript implementation patterns in resources/. For API design (REST, HTTP), see api-design.
129 practical Oracle Database and Oracle Container Registry reference guides covering SQL/PL/SQL development, performance tuning (AWR, ASH, explain plan, indexes, wait events, memory), security (TDE, VPD, auditing, network), administration (RMAN, Data Guard, undo/redo, users), monitoring, architecture (RAC, CDB/PDB, Exadata, In-Memory, OCI), DevOps (Liquibase, Flyway, utPLSQL, EBR), migrations from Postgres/MySQL/SQL Server/MongoDB/Snowflake/Redshift/DB2, PL/SQL development (packages, cursors, collections, unit testing, debugging), Oracle features (AQ, DBMS_SCHEDULER, materialized views, APEX), SQLcl (basics, scripting, Liquibase, MCP server, CI/CD), ORDS (architecture, authentication, AutoREST, REST API design, PL/SQL gateway), and Oracle Container Registry images. Use for any Oracle DB question, ORA- errors, DBMS_ packages, v$ views, Oracle tooling, ORDS REST APIs, SQLcl commands, or Oracle container images. Always consult this skill before answering Oracle-specific questions.
Cross-site scripting (XSS) vulnerability detection and exploitation. Supports reflected XSS, stored XSS, DOM-based XSS, and blind XSS testing. Use this skill when user mentions XSS, cross-site scripting, script injection, or needs to test JavaScript injection in parameters, forms, headers, or DOM sources.
Create custom QA agent personalities for project-specific testing needs. Guided builder that asks about the specialty, tools, and test scenarios, then generates a personality file and registers it in the QA config. Trigger on "create a QA personality", "add a custom test agent", "build a webhook tester", or when the user needs a project-specific QA agent. Also triggered by /qa-create-personality.
Generate penetration testing reports in standard format, including project information sheet, vulnerability discovery list, detailed vulnerability information (including attribute sheet, description, reproduction steps, evidence screenshots, remediation suggestions), and appendices (risk level definition, CVSS explanation, glossary). Use this skill when users request to generate penetration testing reports, security testing reports, or vulnerability reports. Strictly follow the standard format in the project template directory.
Implement a component-level test using `WidgetTester` to verify UI rendering and user interactions (tapping, scrolling, entering text). Use when validating that a specific widget displays correct data and responds to events as expected.
Use after completing a task or before merging. Not for exploring ideas or debugging.
Perform comprehensive code reviews with best practices, security checks, and constructive feedback. Use when reviewing pull requests, analyzing code quality, checking for security vulnerabilities, or providing code improvement suggestions.