security
38
security-headers-configuration
Configure HTTP security headers including CSP, HSTS, X-Frame-Options, and XSS protection. Use when hardening web applications against common attacks.
aj-geddes
testing-security
sorting
stars
current ordering strategy
query
all entries
refine the visible subset
security
38
oauth-implementation
Implement secure OAuth 2.0, OpenID Connect (OIDC), JWT authentication, and SSO integration. Use when building secure authentication systems for web and mobile applications.
aj-geddes
testing-security
security
38
session-management
Implement secure session management systems with JWT tokens, session storage, token refresh, logout handling, and CSRF protection. Use when managing user authentication state, handling token lifecycle, and securing sessions.
aj-geddes
testing-security
security
38
vulnerability-scanning
Automated vulnerability detection using OWASP tools, CVE databases, and security scanners. Use when performing security audits, compliance checks, or continuous security monitoring.
aj-geddes
testing-security
testing
38
test-data-generation
Generate realistic, consistent test data using factories, fixtures, and fake data libraries. Use for test data, fixtures, mock data, faker, test builders, and seed data generation.
aj-geddes
testing-security
testing
38
integration-testing
Design and implement integration tests that verify component interactions, API endpoints, database operations, and external service communication. Use for integration test, API test, end-to-end component testing, and service layer validation.
aj-geddes
testing-security
testing
38
mocking-stubbing
Create and manage mocks, stubs, spies, and test doubles for isolating unit tests from external dependencies. Use for mock, stub, spy, test double, Mockito, Jest mocks, and dependency isolation.
aj-geddes
testing-security
testing
38
mutation-testing
Evaluate test suite quality by introducing code mutations and verifying tests catch them. Use for mutation testing, test quality, mutant detection, Stryker, PITest, and test effectiveness analysis.
aj-geddes
testing-security
testing
38
property-based-testing
Design property-based tests that verify code properties hold for all inputs using automatic test case generation. Use for property-based, QuickCheck, hypothesis testing, generative testing, and invariant verification.
aj-geddes
testing-security
testing
38
frontend-testing
Implement comprehensive frontend testing using Jest, Vitest, React Testing Library, and Cypress. Use when building robust test suites for UI and integration tests.
aj-geddes
testing-security
testing
38
unit-testing-framework
Write comprehensive unit tests with high coverage using testing frameworks like Jest, pytest, JUnit, or RSpec. Use when writing tests for functions, classes, components, or establishing testing standards.
aj-geddes
testing-security
testing
38
test-automation-framework
Design and implement scalable test automation frameworks with Page Object Model, fixtures, and reporting. Use for test framework, page object pattern, test architecture, test organization, and automation infrastructure.
aj-geddes
testing-security
code-quality
37
dignified-python-313
This skill should be used when editing Python code in the erk codebase. Use when writing, reviewing, or refactoring Python to ensure adherence to LBYL exception handling patterns, Python 3.13+ type syntax (list[str], str | None), pathlib operations, ABC-based interfaces, absolute imports, and explicit error boundaries at CLI level. Also provides production-tested code smell patterns from Dagster Labs for API design, parameter complexity, and code organization. Essential for maintaining erk's dignified Python standards.
C00ldudeNoonan
testing-security
security
37
mapbox-token-security
Security best practices for Mapbox access tokens, including scope management, URL restrictions, rotation strategies, and protecting sensitive data. Use when creating, managing, or advising on Mapbox token security.
mapbox
testing-security
security
37
python-security-scan
Comprehensive security vulnerability scanner for Python projects including Flask, Django, and FastAPI applications. Detects OWASP Top 10 vulnerabilities, injection flaws, insecure deserialization, authentication issues, hardcoded secrets, and framework-specific security problems. Audits dependencies for known CVEs and generates actionable security reports.
sugarforever
testing-security
testing
37
fuel-browser
Control a headless browser for testing, screenshots, and web automation. Use when testing web pages, taking screenshots, interacting with web pages, verifying UI changes, or scraping rendered HTML.
ashleyhindle
testing-security
testing
37
test-writer
Write comprehensive tests following TDD and BDD principles
athola
testing-security
code-quality
36
code-review
**MANDATORY**: Apply when reviewing code changes, PR diffs, or code-review requests. Enforces quality standards, warning seriousness, and meaningful comments.
vereis
testing-security