Loading...
Loading...
Found 1,476 Skills
Use when reviewing code for security vulnerabilities, implementing authentication or authorization, handling user input, managing secrets, or auditing dependencies for known CVEs. Triggers: auth implementation, input handling, secrets management, dependency audit, pre-deployment security check, OWASP compliance review.
Audit, implement, and fix web accessibility with a screen-reader-first lens. Use when building or reviewing UI components, forms, dialogs, navigation, dynamic content, or any interactive element. Covers WCAG 2.2 AA compliance, ARIA patterns, keyboard navigation, focus management, and assistive technology compatibility (NVDA, JAWS, VoiceOver). Trigger on: "accessible", "a11y", "screen reader", "WCAG", "ARIA", or when adding any interactive UI.
Static inspection of Triton operator code quality (Host side + Device side) for Ascend NPU. Used when users need to identify potential bugs, API misuses, and performance risks by reading code. Core capabilities: (1) Ascend API constraint compliance check (2) Mask integrity verification (3) Precision processing review (4) Code pattern recognition. Note: This Skill only focuses on static code analysis; compile-time and runtime issues are handled by other Skills.
Explain MotherDuck security, governance, and access-control patterns. Use when a security_compliance_owner, technical_owner, or application_builder is asking about residency, access boundaries, service accounts, isolation, sharing, or governance posture.
Use when reviewing WordPress plugins for GPL compliance, checking license headers or compatibility, evaluating upsell/freemium/trialware patterns, validating plugin naming or trademark rules, checking plugin slugs, understanding why a plugin was rejected from WordPress.org, or answering any question about the 18 WordPress.org Plugin Directory guidelines — even if the user doesn't mention 'guidelines' explicitly.
Observe.AI platform help — enterprise contact center intelligence with Auto QA scoring on 100% of interactions, Agent Copilot real-time guidance, Coaching Copilot post-call performance management, VoiceAI and ChatAI virtual agents, screen recording, Insights Copilot. Use when setting up Observe.AI Auto QA scorecards for contact center agents, Agent Copilot not surfacing guidance during live calls, transcription accuracy issues or speaker attribution errors, comparing Observe.AI vs Balto or Cresta or CallMiner for contact center QA, integrating Observe.AI with Five9 or Amazon Connect or Talkdesk, or configuring compliance monitoring and regulatory audit trails. Do NOT use for building a general coaching program (use /sales-coaching) or reviewing a specific call transcript (use /sales-call-review).
Answer Enable Banking API FAQs and apply best practices for ASPSP/PSU terminology, pricing and activation expectations, production compliance fields, restricted application account linking, ASPSP identifiers and BICs, beta integrations, user identification, balances, transaction history and continuation keys, PSU headers, rate limits, JWT handling, session validity, expired sessions, language selection, ASPSP_ERROR retries, iframe/WebView/CORS issues, payment statuses, bulk payments, TPP infrastructure, and sandbox credential lookup. Use when Codex needs to explain edge cases, design robust Enable Banking behavior, or troubleshoot recurring API and UX problems.
Review code changes against accepted ADRs for compliance violations
EU AI Act (Regulation (EU) 2024/1689) operational compliance for compliance teams. Three Article-level decisions: (1) What's the risk tier of this AI system — prohibited (Art. 5), high-risk (Art. 6 + Annex III), limited-risk (Art. 50), or minimal-risk? (2) For high-risk systems, what's the Article 43 conformity assessment route (Module A internal control vs Module H full QMS + notified body) and what goes in the Annex IV technical documentation? (3) Per organizational role (provider / deployer / importer / distributor / authorized representative), what are the active obligations and deadlines? Use during AI system intake review, when planning conformity assessment, or when scoping deployer obligations. Cites Articles + Annexes for every output. NOT executive AI strategy (see chief-ai-officer-advisor). NOT a legal substitute.
Generate end-to-end investment proposals covering risk profiling, model portfolio recommendation, fee illustration, projections, and compliance review. Use when the user asks about creating a proposal for a prospect, mapping risk questionnaire scores to model portfolios, building fee illustrations with tiered costs, producing Monte Carlo or scenario projections, analyzing a prospect's current portfolio for improvement opportunities, reviewing proposals for SEC Marketing Rule compliance, or designing proposal templates for a multi-advisor firm. Also trigger when users mention 'investment proposal', 'proposal generation', 'risk profiling', 'Riskalyze', 'Nitrogen', 'fee illustration', 'transition analysis', 'current vs proposed portfolio', or 'proposal compliance review'.
Cross-border selling on TikTok Shop — market selection, logistics, localization, compliance
Use when reviewing, scoring, or auditing third-party SaaS / vendor relationships — running a vendor scorecard, tracking SLA compliance, classifying third-party risk, preparing a tier-1 vendor review, or auditing the SaaS portfolio. Triggers on "vendor SLA", "vendor scorecard", "third-party risk", "TPRM", "vendor review", "SaaS audit", "supplier performance", "vendor health check", "renewal review". Forks context so large vendor catalogs (50-500 line items) and SLA logs don't pollute the parent thread. Ships 3 stdlib-only Python tools (vendor scorer with industry tuning, SLA compliance tracker with credit-claim flags, vendor risk classifier across 4 risk vectors), 3 reference docs each citing 7+ authoritative sources (Gartner / Shared Assessments / NIST / ISO 27036 / breach post-mortems), and a 5-vendor catalog template. Distinct from c-level-advisor/general-counsel-advisor (contract law, not operational management), business-growth/contract-and-proposal-writer (outbound proposals, not inbound vendor scoring), and sibling procurement-optimizer (spend categorization, not vendor performance).