Loading...
Loading...
Found 2,137 Skills
Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG) methodology to identify vulnerabilities in authentication, authorization, input validation, session management, and business logic. The tester uses Burp Suite as the primary interception proxy alongside manual testing techniques to find flaws that automated scanners miss. Activates for requests involving web app pentest, OWASP testing, application security assessment, or web vulnerability testing.
Generates Angular code and provides architectural guidance. Trigger when creating projects, components, or services, or for best practices on reactivity (signals, linkedSignal, resource), forms, dependency injection, routing, SSR, accessibility (ARIA), animations, styling (component styles, Tailwind CSS), testing, or CLI tooling.
Use this skill whenever the user wants to build, scaffold, modify, debug, or ship a web application, including React/Vite/Next.js/Vue/Svelte apps, full-stack prototypes, dashboards, landing pages with interactivity, games, admin panels, CRUD apps, API-backed UIs, authentication flows, database-connected apps, or when they say things like "build a web app", "make a frontend", "create a SaaS prototype", "turn this idea into an app", "搭建 Web 应用", "做一个网站应用", or "帮我开发前端". This skill should trigger even if the user does not explicitly mention a framework, because it guides framework selection, project structure, implementation, testing, live preview, and Git commits after each working slice.
Run an independent code review using the OpenAI Codex CLI in headless mode. Gets a second opinion from a different model family (GPT-5/o3) on recent changes, a PR, a commit, or the whole app — covering bugs, regressions, security, data consistency, UX/state bugs, performance risks, and testing gaps. Saves a severity-prioritised report to .jez/reviews/. Triggers: 'codex review', 'review with codex', 'second opinion on this code', 'independent code review', 'what does codex think', 'get codex to review'.
Disciplined spec-driven test-driven development workflow for building software with AI coding agents. Transforms ambiguous requests into verified implementations through structured specification, test derivation, and strict TDD. Handles greenfield projects, brownfield enhancements (with or without existing tests), refactors, and complex bug fixes with workflow-specific guidance for each. Use when the user requests a new feature, module, enhancement, refactor, API, data pipeline, CLI tool, or system with multiple requirements, edge cases, or unclear specifications. Also use for complex bug fixes requiring root cause analysis. Triggers on phrases like "add a feature", "implement", "build a new module", "build an API", "build a CLI", "build a data pipeline", "refactor", "fix this bug", "write tests for", "TDD", "test-first", "the requirements are unclear", "characterization tests", or "spec this out". Triggers when modifying code with adjacent test files (`tests/`, `*_test.py`, `*.test.ts`, `*.spec.ts`, `spec/`, `__tests__/`) or test framework config (pytest.ini, jest.config.*, go.mod with testing imports, Cargo.toml with [dev-dependencies], package.json with a test script). Triggers when the user mentions edge cases, invariants, acceptance criteria, EARS notation, or red-green-refactor. Do NOT use for simple one-line fixes, cosmetic changes, formatting, renames, dependency bumps, or tasks where requirements are already fully specified with tests provided.
Clean AI refusal responses from Codex/Claude/OpenCode sessions and inject CTF prompts for security testing workflows
Analyzes the variety and depth of assertions across .NET test suites. Use when the user asks to evaluate assertion quality, find shallow testing, identify assertion-free tests (no assertions or only trivial ones like Assert.IsNotNull), flag self-referential or tautological assertions (output equals input on identity/round-trip operations), measure assertion coverage diversity, or audit whether tests verify different facets of correctness. Produces metrics and actionable recommendations. Works with MSTest, xUnit, NUnit, TUnit. DO NOT USE FOR: writing new tests (use writing-mstest-tests), other anti-patterns like flakiness or duplication (use test-anti-patterns), or fixing assertions.
Guides senior front-end software engineering—TypeScript/React/Next.js architecture, component design, client and server rendering, state and data fetching, styling and design systems, accessibility (WCAG), performance (Core Web Vitals), testing, and senior-level UI code review. Use when building or refactoring complex UIs, designing component APIs, optimizing LCP/INP/CLS, implementing accessible interactions, integrating design tokens, or reviewing front-end PRs—not for backend APIs or databases (fullstack-software-engineer, senior-fullstack-developer), design-only critiques without implementation, CI/CD (devops), or cross-service system RFCs (senior-software-engineer). For implementing screens from design specs, component states, and visual QA, use ui-software-engineer. Deep perf investigations and load/RUM analysis: performance-engineer.
Guides engineering of multi-agent systems—agent roles and specialization, orchestration topologies (supervisor, peer-to-peer, hierarchical, blackboard), task decomposition and routing, inter-agent messaging (A2A-style patterns), shared vs partitioned state, fan-out/fan-in and DAG workflows, synchronization and consensus, conflict resolution, fault tolerance and retries across agents, cost/latency/token budgets, cross-agent observability, testing multi-agent flows, and deployment (queues, durable workflows). Framework-agnostic; high-level LangGraph, Deep Agents, and agenthub—not single-agent loops (agentic-ai-developer), ML training (ai-engineer), strategy-only whiteboard (enterprise-strategist), or PM planning (technical-program-manager). Use for multi-agent system, multi-agent engineer, agent orchestration, supervisor agent, agent topology, fan-out fan-in, agent handoff protocol, multi-agent workflow, agent coordination, blackboard pattern, hierarchical agents, A2A, agent DAG, multi-agent architecture.
Use when testing, reviewing, pressure-testing, refining, packaging, or validating agent skills for academic research workflows before installing or relying on them.
Comprehensive SAP Joule CLI (formerly sapdas CLI) assistant for managing digital assistants from the command line — compiling capabilities, deploying assistants, running BDD tests, linting, and troubleshooting errors. Use this skill whenever the user mentions "joule cli", "sapdas", "joule compile", "joule deploy", "joule test", "joule login", "joule lint", digital assistant deployment, capability compilation, DAAR files, RTA artifacts, or any task involving the Joule command line interface — even if they just say something like "deploy my assistant" or "how do I log in to Joule from the terminal". Also trigger when the user asks about testing Joule capabilities with Cucumber, linking AI assistants, managing deployed assistants, or automating Joule workflows in CI/CD pipelines.
Solana development: Anchor and Pinocchio programs, Kit clients, wallet flows, testing. Use when building a Solana dapp or program (e.g. write Anchor escrow, create SPL token, wallet-standard login, debug PDA, deploy to devnet).