Found 435 Skills
Complete bug bounty workflow — recon (subdomain enumeration, asset discovery, fingerprinting, HackerOne scope, source code audit), pre-hunt learning (disclosed reports, tech stack research, mind maps, threat modeling), vulnerability hunting (IDOR, SSRF, XSS, auth bypass, CSRF, race conditions, SQLi, XXE, file upload, business logic, GraphQL, HTTP smuggling, cache poisoning, OAuth, timing side-channels, OIDC, SSTI, subdomain takeover, cloud misconfig, ATO chains, agentic AI), LLM/AI security testing (chatbot IDOR, prompt injection, indirect injection, ASCII smuggling, exfil channels, RCE via code tools, system prompt extraction, ASI01-ASI10), A-to-B bug chaining (IDOR→auth bypass, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth), bypass tables (SSRF IP bypass, open redirect bypass, file upload bypass), language-specific grep (JS prototype pollution, Python pickle, PHP type juggling, Go template.HTML, Ruby YAML.load, Rust unwrap), and reporting (7-Question Gate, 4 validation gates, human-tone writing, templates by vuln class, CVSS 3.1, PoC generation, always-rejected list, conditional chain table, submission checklist). Use for ANY bug bounty task — starting a new target, doing recon, hunting specific vulns, auditing source code, testing AI features, validating findings, or writing reports. Chinese trigger words: bug bounty, security testing, penetration testing, vulnerability hunting, information gathering, subdomain enumeration, XSS testing, SQL injection, SSRF, security audit, vulnerability report
Analyze tender and procurement documents (PDF, Word, images) to extract qualification requirements, scoring criteria, key deadlines, prohibited clauses, and submission checklists. Uses SoMark for accurate parsing of complex government and enterprise procurement documents. Requires SoMark API Key (SOMARK_API_KEY).
Plan and execute earned media outreach and journalist relationships by producing a Media Relations Pack (newsworthiness brief, media list, exclusive/embargo plan, pitch templates, outreach tracker, interview prep, press materials checklist). Use for PR, media outreach, press pitch, embargo, exclusive, press release, and journalist pitching. Category: Marketing.
Automated code review for Arduino/ESP32/RP2040 projects focusing on best practices, memory safety, and common pitfalls. Use when user wants code feedback, says "review my code", needs help improving code quality, or before finalizing a project. Generates actionable checklists and specific improvement suggestions.
Prepare for journalism interviews with research checklists, question frameworks, and attribution guidelines. Use when preparing to interview sources, planning follow-up questions, or managing interview logistics. Covers consent, recording laws, and professional protocols.
Break down a change into an implementation task checklist. Trigger: When the orchestrator launches you to create or update the task breakdown for a change.
Takes a campaign brief and submitted creator content description and produces a structured pass/fail checklist against every brief requirement. This skill should be used when checking if creator content matches the brief, reviewing influencer deliverables against requirements, auditing submitted content for brief compliance, verifying a creator hit all the brief requirements, running a content QA check before approval, comparing a draft to the original brief, grading content against campaign specifications, or reviewing creator submissions before giving approval. For converting raw feedback into a polished revision request to send to a creator, see content-approval-feedback-formatter. For FTC disclosure compliance specifically, see ftc-disclosure-spot-checker.
Use when making design decisions, reviewing UI for HIG compliance, choosing colors/backgrounds/typography, or defending design choices - quick decision frameworks and checklists for Apple Human Interface Guidelines
Maintain `*-skills` README standards and checklist-style roadmap docs through one canonical maintenance entrypoint. Use when a repo needs profile-aware README maintenance, checklist roadmap validation or migration, or a bounded audit-first doc workflow with Markdown and JSON reporting.
Expert guidance for designing, assessing, and optimizing Azure workloads using Azure Well Architected. Covers design review checklists, recommendations, design principles, tradeoffs, service guides, workload patterns, and assessment questions. Use when designing AI, SAP, Oracle, SaaS, HPC, or mission‑critical workloads on Azure, and other Azure Well Architected related development tasks.
Mechanize Pattern 15 — the seven-pass adversarial review protocol for academic manuscripts. Spawns 7 forked subagents in parallel (abstract, intro, methods, results, robustness, prose, citations), then synthesizes a prioritized revision checklist. Use for submission-ready or R&R-stage papers where single-pass review isn't enough.
Phase 1 of the feature workflow — Draft a design document for the new feature, which serves as the sole input for subsequent implementation and acceptance. First gather evidence (read architecture docs, review relevant code, grep to prevent term conflicts, check archives), then write a complete first draft in one go (including YAML frontmatter + three-layer structure + test design), submit it to the user for overall review, and iterate until approval. After approval, extract {slug}-checklist.yaml from {slug}-design.md for use in the next two phases. Trigger scenarios: "Start designing the solution", "Write design doc", "Prepare to implement XX", with the prerequisite that you already know what to do, who it's for, and how to define success.