Loading...
Loading...
Found 1,281 Skills
Audit websites for accessibility issues and WCAG compliance. Use when checking accessibility, fixing a11y issues, or ensuring WCAG compliance.
Use when handling authentication, authorization, encryption, HIPAA compliance, SOC 2, privacy policies, penetration testing, or any security and compliance concerns
Evaluate agents and skills for quality, completeness, and standards compliance using a 6-step rubric: Identify, Structural, Content, Code, Integration, Report. Use when auditing agents/skills, checking quality after creation or update, or reviewing collection health. Triggers: "evaluate", "audit", "check quality", "review agent", "score skill". Do NOT use for creating or modifying agents/skills — only for read-only assessment and scoring.
Fresh-subagent-per-task execution with two-stage review (ADR compliance + code quality). Use when an implementation plan exists with mostly independent tasks and you want quality gates between each. Use for "execute plan", "subagent", "dispatch tasks", or multi-task implementation runs. Do NOT use for single simple tasks, tightly coupled work needing shared context, or when the user wants manual review after each task.
Audits all OrchestKit skills for quality, completeness, and compliance with authoring standards. Use when checking skill health, before releases, or after bulk skill edits to surface SKILL.md files that are too long, have missing frontmatter, lack rules/references, or are unregistered in manifests.
Use when building Rails features that handle personal data, adding encryption to models, implementing consent flows, building DSAR endpoints, or adding anonymization/pseudonymization. Also use when reviewing code for compliance with privacy laws like GDPR and LGPD, or when asked about privacy-by-design patterns in Rails.
Cross-format document accessibility rule reference with WCAG 2.2 mapping. Use when looking up accessibility rules for Word (DOCX-*), Excel (XLSX-*), PowerPoint (PPTX-*), or PDF (PDFUA.*, PDFBP.*, PDFQ.*) documents, or when mapping findings to WCAG success criteria for compliance reporting.
Design and operate privacy and data security programs for SEC-registered firms under Reg S-P, Reg S-ID, and SEC cybersecurity expectations. Use when the user asks about privacy notices, the Safeguards Rule, identity theft prevention programs, breach notification obligations, vendor security due diligence, incident response planning, data classification, or state privacy law compliance. Also trigger when users mention 'customer data was exposed', 'do we need to notify clients of a breach', 'cybersecurity exam prep', 'cloud vendor risk assessment', 'encrypting client data', 'BYOD security policy', 'Red Flags Rule', 'NY DFS 500 requirements', or ask how to handle a cybersecurity incident.
Guide the design and maintenance of recordkeeping programs under SEC Rules 17a-3, 17a-4, and 204-2. Use when the user asks about document retention schedules, how long to keep trade records or customer complaints, WORM storage requirements, email or text message archiving, social media capture, BYOD compliance policies, or electronic storage audit trails. Also trigger when users mention 'we got an exam request for records', 'migrating to a new archiving vendor', 'blotter retention', 'order ticket requirements', 'off-channel communications', 'WhatsApp archiving', or ask how long specific records must be kept.
Execute a complete tax-loss harvesting workflow from candidate identification through post-harvest monitoring. Use when the user asks about finding TLH candidates, gain/loss budgeting, replacement security selection, wash-sale compliance, or harvest execution planning. Also trigger when users mention 'unrealized losses in my portfolio', 'swap ETFs for tax purposes', 'harvest losses before year-end', 'substantially identical security', 'wash-sale window', 'NIIT offset', 'loss carryforward', or ask how much tax they can save by harvesting.
Guide fee disclosure compliance across advisory, brokerage, fund, and retirement plan contexts. Use when the user asks about Form ADV Item 5 fee schedules, prospectus fee table format, Reg BI cost disclosure obligations, 12b-1 fee transparency, revenue sharing arrangements, wrap fee program costs, or ERISA 408(b)(2) service provider fee disclosure. Also trigger when users mention 'hidden fees', 'total cost to the client', 'are we disclosing all layers of fees', 'expense ratio comparison', 'fee billing in advance vs arrears', 'share class selection', 'indirect compensation', or ask whether fee disclosures are complete and compliant.
Use when reviewing code for security vulnerabilities, implementing authentication or authorization, handling user input, managing secrets, or auditing dependencies for known CVEs. Triggers: auth implementation, input handling, secrets management, dependency audit, pre-deployment security check, OWASP compliance review.