Loading...
Loading...
Found 711 Skills
Generates wiring verification YAML for loom plans. Helps agents prove that features are properly integrated — commands registered, endpoints mounted, modules exported, components rendered. Use when writing truths/artifacts/wiring fields for loom plan stages.
Use when implementing Stripe webhook endpoints and getting 'Raw body not available' or signature verification errors - provides raw body parsing solutions and subscription period field fixes across frameworks
Generates before/after verification pairs for loom plans. Proves a stage actually changed system behavior by capturing state before and after implementation. Use for delta-proof verification — proving new commands, endpoints, modules, or bug fixes work by comparing system state.
Use this agent when you need to perform security audits, vulnerability assessments, or security reviews of code. This includes checking for common security vulnerabilities, validating input handling, reviewing authentication/authorization implementations, scanning for hardcoded secrets, and ensuring OWASP compliance. <example>Context: The user wants to ensure their newly implemented API endpoints are secure before deployment.\nuser: "I've just finished implementing the user authentication endpoints. Can you check them for security issues?"\nassistant: "I'll use the security-sentinel agent to perform a comprehensive security review of your authentication endpoints."\n<commentary>Since the user is asking for a security review of authentication code, use the security-sentinel agent to scan for vulnerabilities and ensure secure implementation.</commentary></example> <example>Context: The user is concerned about potential SQL injection vulnerabilities in their database queries.\nuser: "I'm worried about SQL inj...
Test REST and GraphQL API endpoints with structured assertions and reporting. Use when a user asks to test an API, hit an endpoint, check if an API works, validate a response, debug an API call, test authentication flows, or verify API contracts. Supports GET, POST, PUT, PATCH, DELETE with headers, body, auth, and response validation.
Implement secure authentication bridge between Better Auth (Next.js frontend) and FastAPI (Python backend) using JWKS JWT token verification. Use this skill when users need to (1) Integrate Better Auth with FastAPI backend, (2) Implement JWT authentication with JWKS verification, (3) Set up user isolation and authorization in FastAPI endpoints, (4) Configure frontend to send authenticated API requests, or (5) Troubleshoot Better Auth + FastAPI authentication issues.
Implements CSRF protection using synchronizer tokens, double-submit cookies, and SameSite attributes. Use when securing web forms, protecting state-changing endpoints, or implementing defense-in-depth authentication.
Work with the Memberstack Admin API to manage members, plans, and data tables. Use this skill whenever the user mentions Memberstack, member management via API, Memberstack data tables, or wants to build integrations that create/read/update/delete members or data records in Memberstack. Also trigger when the user asks about Memberstack API endpoints, authentication, pagination, querying records, or connecting plans to members — even if they don't say "Memberstack" explicitly but reference concepts like plan connections, member metadata, or admin member APIs that align with Memberstack's domain.
Full DeepRead API reference. All endpoints, auth, request/response formats, blueprints, webhooks, error handling, and code examples.
Galaxy project development conventions and skill routing guide. ALWAYS load this skill when working in a Galaxy codebase. Routes to appropriate skills: use /galaxy-db-migration for database/Alembic/schema changes, /galaxy-api-endpoint for creating REST API endpoints/FastAPI routers, /galaxy-testing for running or writing tests, /galaxy-linting for code formatting/linting/type checking. Use galaxy-explorer agent for codebase architecture questions.
Security assessment skill for reconnaissance, endpoint/service enumeration, and attack-surface mapping. Use when prompts include recon, enumerate, map endpoints, discover assets, inventory interfaces, fingerprint technologies, or identify control-plane surfaces. Do not use when the request is exploit development, payload execution, or final report writing only.
Implement Documenso webhook configuration and event handling. Use when setting up webhook endpoints, handling document events, or implementing real-time notifications for document signing. Trigger with phrases like "documenso webhook", "documenso events", "document completed webhook", "signing notification".