Loading...
Loading...
Found 59 Skills
Professional Skills and Methodologies for Secure Code Review
Security vulnerability detection and variant analysis skill. Use when hunting for dangerous APIs, footgun patterns, error-prone configurations, and vulnerability variants across codebases. Combines sharp edges detection with variant hunting methodology.
Verification boundary CLI that delegates tasks to autonomous agents. Use when the user wants to run forge, execute specs, run specs in parallel, audit code against specs, review changes, watch live logs, check run status, resume a session, or delegate complex multi-step work to an autonomous agent. Triggers include "forge run", "run this spec", "run specs in parallel", "audit the codebase", "review changes", "forge watch", "forge status", "rerun failed", "delegate this to forge".
This skill should be used when the user asks "where should I put this", "can X import from Y", "Angular folder structure", mentions feature isolation, lazy loading placement, dependency violations, architecture audit, circular dependency, import cycle, barrel file, bundle size, initial load performance, signal store placement, state management, or when creating/moving Angular components, services, or modules between folders. Also use when reviewing PRs for architectural compliance, scaffolding new features, or setting up eslint-boundaries. Angular enterprise architecture advisor for placement decisions, dependency rules, isolation patterns, and architectural verification.
Coverage-guided fuzzing workflow for C/C++, Rust, and Go targets. Runs audit-context-building to find suspicious code, writes a targeted harness, builds with sanitizers, runs the fuzzer, and reports crashes.
Weed the Allium garden. Find where Allium specifications and implementation code have diverged, and help resolve the divergences. Use when the user wants to check spec-code alignment, compare specs against implementation, audit for spec drift or violations, sync specs with code or code with specs, or verify whether the implementation matches what the spec says.
Reviews URLSession networking code for iOS/macOS. Covers async/await patterns, request building, error handling, caching, and background sessions.
Audit code compliance with AGENTS.md project guidelines. Checks adherence to project conventions, naming, patterns, and standards. Read-only analysis. Use before PR. Triggers: review agents.md adherence, check guidelines, project standards compliance.
Audit and improve SwiftUI runtime performance. Use for slow rendering, janky scrolling, high CPU, memory usage, excessive view updates, layout thrash, body evaluation cost, identity churn, view lifetime issues, lazy loading, Instruments profiling guidance, and performance audit requests.
Scan C# source files for hard-to-test static dependencies — DateTime.Now/UtcNow, File.*, Directory.*, Environment.*, HttpClient, Console.*, Process.*, and other untestable statics. Produces a ranked report of static call sites by frequency. USE FOR: find untestable statics, scan for static dependencies, testability audit, identify hard-to-mock code, find DateTime.Now usage, detect static coupling, testability report, static analysis for testability. DO NOT USE FOR: generating wrappers (use generate-testability-wrappers), migrating code (use migrate-static-to-wrapper), general code review, or finding statics that are already behind abstractions.
Identifies silent failures, inadequate error handling, and inappropriate fallback behavior in code. Zero tolerance for errors that occur without proper logging and user feedback. Triggers: When reviewing error handling, checking for silent failures, analyzing catch blocks. Examples: - "Review the error handling" -> audits all error handling in recent changes - "Check for silent failures" -> hunts for swallowed errors and empty catch blocks - "Analyze catch blocks in this PR" -> reviews every try-catch for adequacy - "Are there any hidden failures?" -> finds errors that get silently ignored
MUST be used whenever reviewing a Dune app for bugs, missing error states, unhandled promise rejections, or incorrect edge-case behaviour. Do NOT skip — run every step when the user asks for a correctness review, bug check, error handling audit, or robustness review. Triggers: correctness, error handling, bug, edge case, crash, unhandled, null, undefined, empty state, loading state, error boundary, try catch, async error, useEffect cleanup, type guard, runtime error, robustness.