Loading...
Loading...
Found 1,136 Skills
Use when building Rails features that handle personal data, adding encryption to models, implementing consent flows, building DSAR endpoints, or adding anonymization/pseudonymization. Also use when reviewing code for compliance with privacy laws like GDPR and LGPD, or when asked about privacy-by-design patterns in Rails.
Audit changed Vue/RDS UI for WCAG 2.1 Level A/AA compliance and return actionable, severity-ranked findings with file references. Use when reviewing frontend changes, preparing PRs, or validating release readiness.
Use this skill to review implemented UI code for WCAG accessibility compliance. Triggers when reviewing components, pages, or templates for accessibility, auditing a feature after implementation, or answering questions about accessible patterns, ARIA, keyboard navigation, or screen reader support.
Audit Chrome extensions for security issues, best practice violations, performance problems, and CWS compliance. Scans manifest, code, CSP, message handlers, storage, and dependencies.
Cross-format document accessibility rule reference with WCAG 2.2 mapping. Use when looking up accessibility rules for Word (DOCX-*), Excel (XLSX-*), PowerPoint (PPTX-*), or PDF (PDFUA.*, PDFBP.*, PDFQ.*) documents, or when mapping findings to WCAG success criteria for compliance reporting.
Audit completed implementation against the spec and produce a gap report with compliance matrix, risks, remediation steps, and a go/no-go production readiness decision. Use after implementation is complete.
Design and operate privacy and data security programs for SEC-registered firms under Reg S-P, Reg S-ID, and SEC cybersecurity expectations. Use when the user asks about privacy notices, the Safeguards Rule, identity theft prevention programs, breach notification obligations, vendor security due diligence, incident response planning, data classification, or state privacy law compliance. Also trigger when users mention 'customer data was exposed', 'do we need to notify clients of a breach', 'cybersecurity exam prep', 'cloud vendor risk assessment', 'encrypting client data', 'BYOD security policy', 'Red Flags Rule', 'NY DFS 500 requirements', or ask how to handle a cybersecurity incident.
Guide the design and maintenance of recordkeeping programs under SEC Rules 17a-3, 17a-4, and 204-2. Use when the user asks about document retention schedules, how long to keep trade records or customer complaints, WORM storage requirements, email or text message archiving, social media capture, BYOD compliance policies, or electronic storage audit trails. Also trigger when users mention 'we got an exam request for records', 'migrating to a new archiving vendor', 'blotter retention', 'order ticket requirements', 'off-channel communications', 'WhatsApp archiving', or ask how long specific records must be kept.
Execute a complete tax-loss harvesting workflow from candidate identification through post-harvest monitoring. Use when the user asks about finding TLH candidates, gain/loss budgeting, replacement security selection, wash-sale compliance, or harvest execution planning. Also trigger when users mention 'unrealized losses in my portfolio', 'swap ETFs for tax purposes', 'harvest losses before year-end', 'substantially identical security', 'wash-sale window', 'NIIT offset', 'loss carryforward', or ask how much tax they can save by harvesting.
Guide fee disclosure compliance across advisory, brokerage, fund, and retirement plan contexts. Use when the user asks about Form ADV Item 5 fee schedules, prospectus fee table format, Reg BI cost disclosure obligations, 12b-1 fee transparency, revenue sharing arrangements, wrap fee program costs, or ERISA 408(b)(2) service provider fee disclosure. Also trigger when users mention 'hidden fees', 'total cost to the client', 'are we disclosing all layers of fees', 'expense ratio comparison', 'fee billing in advance vs arrears', 'share class selection', 'indirect compensation', or ask whether fee disclosures are complete and compliant.
Prepare advisors for client review meetings by assembling context packages, performance summaries, drift analysis, talking points, and meeting agendas. Use when the user asks about preparing for a client review, building a pre-meeting checklist, generating talking points for an upcoming meeting, identifying allocation drift before a review, automating review prep workflows, or assembling a meeting package with exhibits. Also trigger when users mention 'client meeting prep', 'review preparation', 'what should I discuss with my client', 'proactive recommendations', 'life event triggered review', 'meeting agenda', or 'compliance pre-check before review'.
Use when reviewing code for security vulnerabilities, implementing authentication or authorization, handling user input, managing secrets, or auditing dependencies for known CVEs. Triggers: auth implementation, input handling, secrets management, dependency audit, pre-deployment security check, OWASP compliance review.