Loading...
Loading...
Found 1,259 Skills
Analyze HTTP security headers of web domains to identify vulnerabilities and misconfigurations. Use when you need to audit website security headers, assess header compliance, or get security recommendations for web applications. Trigger with phrases like "analyze security headers", "check HTTP headers", "audit website security headers", or "evaluate CSP and HSTS configuration".
Managing third-party dependencies — version pinning, security auditing, license compliance, update workflows, lockfile management, supply chain security. Activate on "npm audit", "dependabot", "renovate", "pin versions", "dependency update", "supply chain", "license compliance", "lockfile", "security advisory", "typosquatting", "SBOM". NOT for internal monorepo package management (use monorepo-management) or publishing your own packages to npm/PyPI.
Enables Customer-Managed Encryption Keys (CMEK) on CockroachDB Cloud clusters with the Advanced plan and Advanced Security Add-on to give organizations control over data-at-rest encryption keys via their cloud provider's KMS. Use when enabling CMEK for compliance, rotating encryption keys, or verifying CMEK configuration.
Adapts experiences across cultures and languages — not just translation, but cultural reconception. Part of the Intent design strategy system. When a product enters a new market, everything is in play: information density, navigation patterns, color meaning, icon comprehension, date formats, trust signals, payment flows, and the fundamental assumptions about how people make decisions. Trigger when: planning international expansion, auditing i18n readiness, adapting designs for RTL languages, reviewing cultural assumptions in a design, preparing localization test plans, or when someone says "we need to launch in [country]" and the plan is "just translate it." Also trigger for compliance reviews across markets (GDPR, PIPL, accessibility laws).
Novel outline/worldview/character design, applicable to user requests such as "Help me write a novel outline", "Design the protagonist's character", "Create a worldview setting", "Build a novel plot framework", "Write volume-specific detailed outlines", "Design novel characters for me", "Create a fantasy worldview", "Help me sort out the novel plot", "Novel character setting", "Write chapter-by-chapter outlines for novels", "Plan the arrangement of cool points", "Create novel character cards", "Build a novel world", etc. It generates complete worldviews, character cards, plot outlines, and cool point plans, with automatic compliance checks to avoid infringement risks. **When generating a large number of chapter detailed outlines, sub-Agents are used for parallel processing, and each Agent is responsible for at most 3 chapters' detailed outlines**
WCAG 2.1/2.2 compliance, WAI-ARIA implementation, screen reader optimization, keyboard navigation, and accessibility testing expert. Use PROACTIVELY for accessibility violations, ARIA errors, keyboard navigation issues, screen reader compatibility problems, or accessibility testing automation needs.
Semantic HTML, keyboard navigation, focus states, ARIA labels, skip links, and WCAG contrast requirements. Use when ensuring accessibility compliance, implementing keyboard navigation, or adding screen reader support.
Performs comprehensive security audit of any codebase against OWASP Top 10 2025. Use when user asks for OWASP audit, OWASP Top 10 review, OWASP security check, or wants to audit code against OWASP categories. Do not trigger for PR review, npm/pip audit, SOC2 compliance, general security questions, or threat modeling.
[Frontend] Review UI code for web interface design compliance covering WCAG 2.2/3.0 accessibility, responsive design, performance, usability, and modern best practices. Use when asked to 'review my UI', 'check accessibility', 'audit design', 'review UX', 'check responsive design', or 'check my site against best practices'. Actions: review, check, audit, analyze, validate. Topics: accessibility, WCAG, ARIA, semantic HTML, focus states, forms, animation, typography, content handling, images, performance, Core Web Vitals, navigation, touch interaction, responsive design, mobile-first, dark mode, internationalization, hydration.
Accessibility testing for web applications using Playwright (@playwright/test) with TypeScript and axe-core. Use when asked to write, run, or debug automated accessibility checks, keyboard navigation tests, focus management, ARIA/semantic validations, screen reader compatibility, or WCAG 2.1 Level AA compliance testing. Covers axe-core integration, POUR principles (perceivable, operable, understandable, robust), color contrast, form labels, landmarks, and accessible names.
Validates SQL schema files for compliance with internal safety and naming policies.
Use the workspace-hub unified CLI for repository management, compliance, development tools, and system configuration. Use for navigating workspace tools and executing common operations.