Found 131 Skills
Augments Trailmark code graphs with external audit findings from SARIF static analysis results and weAudit annotation files. Maps findings to graph nodes by file and line overlap, creates severity-based subgraphs, and enables cross-referencing findings with pre-analysis data (blast radius, taint, etc.). Use when projecting SARIF results onto a code graph, overlaying weAudit annotations, cross-referencing Semgrep or CodeQL findings with call graph data, or visualizing audit findings in the context of code structure.
Visual inspection and code review for compliance with the Web Interface Guidelines. Triggers on "review my UI", "check accessibility", "audit design", "review UX", "fix the layout", "find design problems". Supports static code analysis and visual inspection in the browser with automatic correction.
Deep Angular 21 clean code audit with parallel specialist agents and senior team lead. Scans architecture, signals, stores, AI slop, ViewModel patterns, and more. Guarantees craftsman-level output. Use whenever the user says 'clean code', 'audit Angular', 'review frontend', 'check quality', 'anti-patterns', wants Angular code reviewed, or needs senior-level code standards enforced — even if they don't say 'clean code' explicitly.
This skill should be used when the user asks "where should I put this", "can X import from Y", "Angular folder structure", mentions feature isolation, lazy loading placement, dependency violations, architecture audit, circular dependency, import cycle, barrel file, bundle size, initial load performance, signal store placement, state management, or when creating/moving Angular components, services, or modules between folders. Also use when reviewing PRs for architectural compliance, scaffolding new features, or setting up eslint-boundaries. Angular enterprise architecture advisor for placement decisions, dependency rules, isolation patterns, and architectural verification.
Scan C# source files for hard-to-test static dependencies — DateTime.Now/UtcNow, File.*, Directory.*, Environment.*, HttpClient, Console.*, Process.*, and other untestable statics. Produces a ranked report of static call sites by frequency. USE FOR: find untestable statics, scan for static dependencies, testability audit, identify hard-to-mock code, find DateTime.Now usage, detect static coupling, testability report, static analysis for testability. DO NOT USE FOR: generating wrappers (use generate-testability-wrappers), migrating code (use migrate-static-to-wrapper), general code review, or finding statics that are already behind abstractions.
Source code security audit using backward taint analysis, slot type classification, render context verification, and 3-phase parallel review producing an exploitation queue.
Identifies silent failures, inadequate error handling, and inappropriate fallback behavior in code. Zero tolerance for errors that occur without proper logging and user feedback. Triggers: When reviewing error handling, checking for silent failures, analyzing catch blocks. Examples: - "Review the error handling" -> audits all error handling in recent changes - "Check for silent failures" -> hunts for swallowed errors and empty catch blocks - "Analyze catch blocks in this PR" -> reviews every try-catch for adequacy - "Are there any hidden failures?" -> finds errors that get silently ignored
Audits code for design pattern opportunities and anti-patterns — identifies places where a specific GoF or architectural pattern would solve an observable problem, and flags misapplied patterns that add complexity without benefit. Generates fix prompts. Trigger phrases: "design patterns", "pattern check", "pattern review", "refactoring patterns", "pattern analysis".
Use when the user asks to investigate, audit, trace, or explain how a feature, issue, module, workflow, API, config, or behavior works across one or more codebase projects.
Professional Skills and Methodologies for Secure Code Review
Security vulnerability detection and variant analysis skill. Use when hunting for dangerous APIs, footgun patterns, error-prone configurations, and vulnerability variants across codebases. Combines sharp edges detection with variant hunting methodology.
Language-specific coding standards and validation rules. Provides Python, Go, Rust, TypeScript, Shell, YAML, JSON, and Markdown standards. Auto-loaded by /vibe, /implement, /doc, /bug-hunt, /complexity based on file types.