Loading...
Loading...
Found 2,967 Skills
Expert detection engineer specializing in SIEM rule development, MITRE ATT&CK coverage mapping, threat hunting, alert tuning, and detection-as-code pipelines for security operations teams.
Watch for the 11 known AI-coding-agent failure modes (fabrication, scope_creep, security_vulnerability, etc.) — consult this skill before edits, dependency adds, completion claims, or anything that could trip a known supervision concern. Quote the snake_case failure-mode ids verbatim when flagging risks.
Creates a production-ready VPC with public and private subnets across multiple Availability Zones, including internet gateway, NAT gateways, route tables, and security groups following AWS Well-Architected principles. Use when deploying multi-AZ VPC infrastructure with automatic CIDR planning and DNS resolution.
Adaptive teaching skill for developers, PMs, QA, designers, AI engineers, and security engineers — calibrated to your role and codebase, SM-2 spaced repetition, gamified with achievements, hunts weak spots with The Ambush, guides career growth to Founder.
Guides cloud compliance—mapping SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP, and data-residency requirements to cloud controls; collecting audit evidence from AWS, GCP, and Azure APIs; shared-responsibility narratives; CSPM/Config continuous monitoring; customer assurance questionnaires (CAIQ/SIG); and cloud-specific gap remediation before attestations. Use when scoping regulated workloads in cloud, preparing cloud control evidence for auditors, interpreting provider compliance artifacts (BAA, PCI AOC, FedRAMP packages), or proving residency and logging in multi-account estates—not for org-wide GRC programs and audit coordination without cloud evidence (compliance-specialist), non-cloud systems evidence automation (compliance-engineer), implementing security guardrails (cloud-security-engineer), legal DPAs or contract redlines (commercial-counsel), security strategy (cybersecurity), or CI pipeline gates only (devsecops).
Guides failure-prevention culture and operational excellence for mission-critical engineering— zero-defect aspiration vs error budgets; HRO principles; defense-in-depth; fail-safe/fail-closed; verification gates and independent checks; redundancy and graceful degradation; pre-mortems and FMEA; stop-the-line; defect escape, near-miss, and repeat-incident metrics; leadership against normalization of deviance—not blame culture. Use for failure-prevention programs, HRO practices, verification gates, fail-safe design, pre-mortem/FMEA, stop-the-line, near-miss reporting, or defect-escape metrics—not SRE error budgets only (site-reliability-engineer), incident command only (incident-management-engineer), backup/restore only (cyber-resilience-engineer), CI lint only (build-validator), agile coaching, HR discipline, or classified ATO without ops-excellence lens (classified-cyber-security-senior-manager).
Guides technical program management—multi-team initiatives with dependencies, milestones, RAID tracking, launch readiness, stakeholder status, and cross-functional coordination across engineering, product, and infrastructure (not application code or BRDs). Use when running a technical program, dependency maps, milestones, exec status, or unblocking cross-team delivery—not for requirements (business-analyst), rollout (deployment-strategist), CI/CD (devops), data roadmaps (data-manager), or single-team delivery (fullstack-software-engineer). Incidents: incident-management-engineer. Architecture: senior-system-architecture. Strategy: business-consultant. Comms: communication-lead. DC site build: data-center-design-execution-lead. DC portfolio: data-center-portfolio-planning-execution-lead. M&A/financing deal execution and closing matrix: transaction-manager. Exec/VIP and community customer escalations: community-executive-escalations-program-manager. CVD/disclosure: technical-program-manager-security-cvd.
Coordinate multi-perspective project, code, docs, design, or delivery reviews into focused recommendations. Use for multiple subagents, perspectives, named roles like UI/UX, DevOps, architecture, security, docs, or integrated feedback before changes.
Walk the user through a PR as a single top-to-bottom narrative ordered by dependency/causal flow, with a heavy scrutiny pass for bugs, missing tests, scope creep, and security. Operates on a temp git worktree so it works while the main working tree is dirty. Use when the user asks to review a PR, walk through a PR, review a PR, or review one branch against another.
Use when securing Spring Boot API endpoints with JWT Bearer token validation, scope-based authorization, or DPoP proof-of-possession - integrates com.auth0:auth0-springboot-api SDK for REST APIs receiving access tokens from frontends or mobile apps. Triggers on Auth0AuthenticationFilter, Spring Boot API auth, JWT validation, SecurityFilterChain, hasAuthority SCOPE.
Local mirror of OpenAI Codex product documentation (developers.openai.com/codex): CLI, Cloud, web app, IDE extension, hooks, skills, plugins, MCP, subagents, AGENTS.md, prompts, rules, sandboxing, models, pricing, security, and configuration. Use whenever the user asks how Codex behaves, how to install or configure Codex, or what a Codex flag, slash command, or feature does (including informal phrasing such as "hooks", "--resume", "sandbox modes", "cloud environments"). Read this skill's references/ before generic web search for Codex product questions. Do NOT use for Claude Code, Cursor, or other agents -- in particular, do not use for "Claude Code hooks" or general OpenAI API, ChatGPT, Realtime, or non-Codex coding help.
Builds, runs, debugs, and operates applications on AWS Lambda MicroVMs — Firecracker-isolated, snapshot-resumable serverless compute environments running inside a container with up to 8 hr lifetimes. Applicable when workloads need strong isolation between tenants, isolated serverless compute, sandbox compute, or secure multi-tenant execution. Also suited for AI/agent code-execution sandboxes, interactive code playgrounds and notebooks (Jupyter, REPLs, dev environments running user-supplied code), reinforcement-learning environments, multi-tenant CI executors and build runners, sessionful game or simulation servers, or isolated security scanners. Also applicable when the workload needs long-lived sessions, a real port-listening server (gRPC, WebSocket, custom TCP protocols), state preserved across periods of inactivity (suspend/resume), container-level access (FUSE, eBPF, custom syscalls), or session-affine routing.