Identifies and fixes XSS, SQL injection, and command injection vulnerabilities with validation schemas, sanitization libraries, and safe coding patterns. Use for "input validation", "XSS prevention", "SQL injection", or "sanitization".
Comprehensive security architecture combining threat modeling, security-first design, secure coding review, and compliance validation. Consolidated from threat-modeling, security-first-design, secure-coding-review, and compliance-validator.
Clarify requirements before implementing. Do not use automatically, only when invoked explicitly.
Implement security best practices across the application stack. Use when securing APIs, implementing authentication, preventing vulnerabilities, or conducting security reviews. Covers OWASP Top 10, auth patterns, input validation, encryption, and security monitoring.
Verify claims in generated output against sources. Use as a separate pass AFTER content generation to catch hallucinations. Critical constraint - cannot be reliably combined with generation in a single pass.
Find and fix broken or insecure links across an entire site, including CMS content, to improve SEO and user experience. Audits HTTP/HTTPS issues and validates all internal and external links.
You are a configuration management expert specializing in validating, testing, and ensuring the correctness of application configurations. Create comprehensive validation schemas, implement configurat
Detects leaked API keys, tokens, passwords, and credentials in code with pre-commit hooks, CI checks, scanning rules, and remediation procedures. Use for "secret scanning", "credential detection", "API key leaks", or "secret management".
Implements OAuth 2.0 and OpenID Connect authentication flows with secure token handling and provider integration. Use when users request "OAuth setup", "OIDC implementation", "social login", "SSO integration", or "authentication flow".
Implements role-based access control with permission matrix, route guards, policy functions, and UI permission hints. Provides middleware/guards, helper utilities, test suggestions, and permission checking patterns. Use when building "RBAC", "permissions", "access control", or "authorization".
Production-ready Auth.js v5 setup for Next.js and Cloudflare Workers. Use when: setting up authentication, implementing OAuth/credentials/magic links, configuring D1 or PostgreSQL adapters, debugging session issues, migrating from v4 to v5, fixing edge compatibility, troubleshooting JWT/database sessions, resolving AUTH_SECRET errors, fixing CallbackRouteError, or implementing RBAC. Covers: Next.js App Router & Pages Router, Cloudflare Workers + D1, OAuth providers (GitHub, Google, etc.), credentials auth, magic links, JWT vs database sessions, middleware patterns, role-based access control, token refresh, edge runtime compatibility, and common error prevention. Keywords: Auth.js, NextAuth.js, authentication, OAuth, credentials, magic links, D1 adapter, Cloudflare Workers, Next.js middleware, JWT session, database session, refresh tokens, RBAC, edge compatibility, AUTH_SECRET, CallbackRouteError, CredentialsSignin, JWEDecryptionFailed, session not updating, route protection
Reviews authentication and authorization implementation for session management, CSRF, cookie security, and auth flow vulnerabilities with findings, severity assessment, and fix recommendations. Use for "auth review", "session security", "CSRF protection", or "authentication audit".
Better-auth integration for authentication. Use when implementing login, registration, protected routes, or email verification.
Use vitest + jsdom for fast, lightweight unit tests for front-end apps
To run a custom Playwright script on the page, execute a code snippet for advanced interactions.
Generates deterministic seed data for development and testing with factory functions, realistic fixtures, and database reset scripts. Use for "data seeding", "test fixtures", "database seeding", or "mock data generation".
Sets up Storybook for component documentation with controls, actions, accessibility testing, and visual regression. Use when users request "Storybook setup", "component documentation", "UI library", "component stories", or "design system docs".
Guide for testing C components in the SPLED environment using GTest/GMock. Use when user needs to design test cases, write tests, debug test failures, add test traceability, or understand testing strategy for a component. Covers test design, traceability to requirements, mock setup, and debugging patterns.
Test-Driven Development specifically for Laravel applications using Pest PHP. Use when implementing any Laravel feature or bugfix - write the test first, watch it fail, write minimal code to pass.
This skill should be used when creating new integration tests for Breenix kernel features. Use for writing shared QEMU tests with checkpoint signals, creating xtask test commands, adding test workflows, and following Breenix testing patterns.
To install the Playwright browser defined in config, run this when the browser is missing or not installed.
Usa esta skill para escribir y ejecutar tests (unitarios, integración, e2e) en el backend de ObsidianRAG usando pytest y mocks.
Creates factories and builders for generating consistent, composable test data with realistic values and relationship handling. Use for "test factories", "test data builders", "fixture factories", or "test data generation".
