Loading...
Loading...
Found 307 Skills
Overview of gh-infra and command workflow (import, validate, plan, apply). Use when managing GitHub repository settings, labels, actions settings, rulesets, secrets, variables, or files declaratively via YAML manifests.
Use when publishing or updating a Zeabur template to the marketplace. Use when user says "publish template", "update template online", "push template to Zeabur", or "create template on Zeabur". Do NOT use for deploying templates (use zeabur-template-deploy instead). Do NOT use for editing template YAML (use zeabur-template instead).
Design complete API contracts in OpenAPI 3.0/3.1 YAML with endpoints, schemas, security, pagination, error handling, and RFC 7807 problem details. Use when asking to design an API, create an OpenAPI spec, define API endpoints, write API contracts, or generate a Swagger specification.
Generate a Wren MDL project by exploring a database with available tools (SQLAlchemy, database drivers, MCP connectors, or raw SQL). Guides agents through schema discovery, type normalization, and MDL YAML generation using the wren CLI. Use when: user wants to create or set up a new MDL, onboard a new data source, or scaffold a project from an existing database.
Systematic GitHub Actions workflow authoring skill for AI coding agents. Analyzes repositories to determine project type, language ecosystem, and deployment targets, then generates production-grade CI/CD workflows with proper security hardening, caching, and optimization. Handles greenfield projects (no workflows exist), brownfield updates (modify, optimize, secure existing workflows), and workflow audits with workflow-specific guidance for each. Use when the user requests GitHub Actions workflows: CI pipelines, CD deployments, release automation, scheduled jobs, or any .github/workflows YAML authoring. Also use when existing workflows need auditing, optimizing, securing, or restructuring. Triggers on phrases like "set up CI", "add CI/CD", "GitHub Actions workflow", "release automation", "deploy on tag", "publish to npm/PyPI", "schedule a job", "cron workflow", "matrix build", "workflow.yml", "actions/checkout", "permissions", "harden this pipeline", "pin actions to SHA", "OIDC", "least privilege", "supply-chain", "audit my workflows", "speed up CI", or "cache dependencies". Triggers when creating or editing files under `.github/workflows/`, `action.yml`/`action.yaml` (composite or Docker actions), or `.github/dependabot.yml`. Triggers when the user mentions migrating from GitLab CI, CircleCI, Travis, Jenkins, Drone, or Buildkite to GitHub Actions. Do NOT use for non-GitHub CI systems (GitLab CI, CircleCI, Jenkins) unless the user is migrating TO GitHub Actions. Do NOT use for general bash scripting, Makefiles, or local-only build configuration.
Run adversarial review on a PM artifact via the pm-critic sub-agent. Dispatches natively on Claude Code with the pm-skills plugin (invokes @agent-pm-critic); on non-Claude clients (Codex CLI, Cursor, Windsurf, Copilot, Gemini CLI) reads subagents/pm-critic.md and executes the system prompt inline. Returns findings graded P0/P1/P2/P3 with concrete fix suggestions per finding, plus a layered Status Summary section and machine-readable Status YAML block per master plan D26.
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. 中文触发词:漏洞赏金、安全测试、渗透测试、漏洞挖掘、信息收集、子域名枚举、XSS测试、SQL注入、SSRF、安全审计、漏洞报告
Provides production-ready Kubernetes manifest guidance including resource management, security, high availability, and configuration best practices. This skill should be used when working with Kubernetes YAML files, deployments, pods, services, or when users mention k8s, container orchestration, or cloud-native applications.
Write SQL, TypeScript, and dynamic table transforms for Goldsky Turbo pipelines. Use this skill for: decoding EVM event logs with _gs_log_decode (requires ABI) or transaction inputs with _gs_tx_decode, filtering and casting blockchain data in SQL, combining multiple decoded event types into one table with UNION ALL, writing TypeScript/WASM transforms using the invoke(data) function signature, setting up dynamic lookup tables to filter transfers by a wallet list you update at runtime (dynamic_table_check), chaining SQL and TypeScript steps together, or debugging null values in decoded fields. For full pipeline YAML structure, use /turbo-pipelines instead. For building an entire pipeline end-to-end, use /turbo-builder instead.
Set up GitHub Actions CI/CD to automatically regenerate putior workflow diagrams on push. Covers workflow YAML creation, R script for diagram generation with sentinel markers, auto-commit of updated diagrams, and README sentinel integration for in-place diagram updates. Use when workflow diagrams should always reflect the current state of the code, when multiple contributors may change workflow-affecting code, or when replacing manual diagram regeneration with an automated CI/CD pipeline.
Authors, reviews, installs, and debugs GitHub Agentic Workflows in repositories, including workflow markdown, frontmatter, gh aw compile and run flows, safe outputs, security guardrails, and operational patterns. Use when creating or maintaining GH-AW automation. Don't use for standard deterministic GitHub Actions YAML, generic CI pipelines, or non-GitHub automation systems.
Builds Nango Functions in a checked-out Zero YAML TypeScript Nango project using local files, index.ts registration, nango dryrun, generated tests, and optional nango deploy. Use when creating or updating Nango actions or syncs locally.