Loading...
Loading...
Found 11,954 Skills
Guides information security engineering—implementing and operating security controls, identity and access systems, encryption and secrets management, security tool integrations (SIEM, EDR, SOAR), cloud guardrails, hardening baselines, and remediation engineering for vulnerabilities. Use when building SSO/RBAC/PAM patterns, configuring KMS or certificate lifecycle, deploying WAF/DLP or EDR connectors, writing security-as-code policies (OPA, SCPs, CIS benchmarks), integrating logging to SIEM, automating security workflows, or validating control fixes—not for SOC triage (soc-analyst), pentesting (penetration-tester, network-pentester, web-pentester), red team (red-team-specialist), CI gates only (devsecops), platform provisioning without security ownership (infrastructure-engineer), CISO/exec program (chief-information-security-officer), security program strategy (cybersecurity), GRC program and audit prep (compliance-specialist), or product tenancy isolation (product-infrastructure-security-engineer).
Guides security assessment of embedded and cyber-physical systems on hardware-in-the-loop (HIL) test benches—bench setup, ECU/ECM or PLC targets, bus interfaces (CAN/CAN-FD, LIN, automotive Ethernet, Modbus at high level), fault injection and stimulus design, simulated plant/environment integration, attack-surface monitoring on real hardware, reproducible test cases, lab safety interlocks, and evidence capture for firmware and vehicle security teams. Use for HIL security testing, ECU security assessment, CAN bus security, PLC HIL test, fault injection lab, embedded hardware security—not web/API pentest (web-pentester), network-only pentest (network-pentester), malware/binary RE only (reverse-engineer), SOC operations (soc-analyst), AI red team (ai-redteam), classified ISSO paperwork (information-systems-security-officer-classified-specialist), or pure software CI without hardware (build-validator).
Guides technical support engineering—customer ticket investigation, reproduction, log and API analysis, root-cause isolation, workaround communication, engineering escalation with evidence, and knowledge-base fixes for product bugs and integration issues. Use when debugging a customer-reported issue, writing a repro for engineering, analyzing API errors, drafting technical replies, or improving support runbooks—not for CS program design, renewals, or billing ops (customer-ops-specialist), production incident command (incident-management-engineer), building product features (fullstack-software-engineer), or company-wide crisis statements and launch announcements (communication-lead), or exec/VIP and community escalation program design (community-executive-escalations-program-manager). Product how-to, macros, and ticket triage without deep debugging: product-support-specialist.
Guides secure software delivery and DevSecOps for cleared/classified or high-side programs—disconnected or air-gapped CI/CD, artifact promotion across classification boundaries (conceptual), SBOM/signing/ provenance, SAST/DAST/secrets/IaC/container gates, supply-chain controls, STIG/CIS deploy baselines, IaC for classified landing zones, cleared developer workstations, build/deploy audit logging, and ATO/RMF pipeline evidence (not SSP ownership). Use for classified DevSecOps, cleared pipeline, high-side CI/CD, air-gapped build, cross-domain release, classified software delivery, STIG pipeline, ATO evidence CI, SBOM classified, secure software factory—not portfolio cyber governance (classified-cyber-security-senior-manager), ISSO/SSP (information-systems-security-officer-classified-specialist), commercial-only DevSecOps (devsecops), general DevOps (devops), build-only validation (build-validator), pentest (penetration-tester), or enterprise GRC-only (compliance-specialist).
Guides privacy research engineering for safeguards—PII and sensitive-data detection research, redaction and de-identification evals, memorization and extraction risk studies, privacy benchmarks and labeled corpora, logging/retention minimization for safety pipelines, and research memos on privacy–utility trade-offs for guardrail systems. Use when measuring PII detector quality, designing privacy eval suites for moderation stacks, studying training-data leakage or prompt logging risk, or recommending privacy mitigations for safeguard models—not for SOC 2/GDPR evidence automation (compliance-engineer), legal DPIA or AI policy (ai-risk-governance), harm/toxicity classifier R&D (ml-research-engineer-safeguards), production inference gateways (ml-infrastructure-engineer-safeguards), or general non-privacy research (ai-researcher).
Root cause analysis on production LLM traces. Diagnoses why an LLM application is failing — works from eval judge verdicts, runtime errors, or structural anomalies depending on what signals are present. Walks the span tree from symptom to root cause. Use when user says "what's wrong with my app", "why is my eval failing", "analyze errors", "root cause analysis", "diagnose failures", or wants to understand production failure patterns.
SQL for data analysis with exploratory analysis, advanced aggregations, statistical functions, outlier detection, and business insights. 50+ real-world analytics queries.
Handle security incidents with IR playbooks and procedures. Implement detection, containment, eradication, and recovery processes. Use when responding to security events or building incident response capabilities.
Performance review and testing: evaluate Core Web Vitals, page load times, bundle sizes, runtime performance, resource optimization, and rendering efficiency with browser-based measurement and benchmarking.
Use this skill when the user asks about Goldsky Subgraphs — deploying, managing, or querying subgraphs. Triggers on: 'deploy a subgraph', 'migrate from The Graph', 'what is a subgraph', 'GraphQL endpoint', 'low-code or no-code subgraph', 'subgraph tags', 'subgraph webhooks', 'cross-chain subgraph', 'subgraph stalled', 'subgraph API key', 'init subgraph', 'scaffold subgraph', 'subgraph logs', 'pause subgraph', 'start subgraph', 'graft subgraph'. Also use this skill when the user wants to build a GraphQL API over onchain data, power a dApp frontend with indexed blockchain data, or reuse an existing TheGraph subgraph on Goldsky. For questions about streaming raw chain data directly to a database without GraphQL, use the turbo-builder or mirror skills instead.
Use this skill when the user asks about Goldsky Edge — the managed RPC endpoint service for EVM chains. Triggers on: 'Edge RPC', 'Goldsky RPC endpoint', 'edge.goldsky.com', 'eth_getLogs is slow', 'RPC rate limit', 'hedged requests', 'flashblocks', 'HyperEVM system transactions', 'x402 pay-per-request RPC', 'Goldsky Edge pricing', 'Edge dashboard', 'gs_edge_ API key', 'rpc-edge'. Also use this skill when the user wants a resilient, low-latency JSON-RPC endpoint for EVM chains (Ethereum, Base, Arbitrum, Optimism, Polygon zkEVM, BSC, Avalanche, Berachain, HyperEVM, Monad, Sei, Sonic, Unichain, zkSync, etc.), is debugging RPC errors like -32005/-32012/-32014/-32015/-32016, or is comparing providers (Alchemy, Infura, QuickNode, Ankr) against Edge. For questions about self-hosting eRPC or custom eRPC configuration beyond what Edge exposes, point them at https://docs.erpc.cloud/llms.txt. Do NOT trigger on Goldsky Mirror, Turbo, or Subgraph pipeline questions — those belong to their respective skills.
Diagnose and fix broken Goldsky Mirror pipelines. Use this skill whenever a user has a Mirror pipeline that is failing, stuck, terminated, won't start, is in a restart loop, or is blocked by an in-flight request. Also use when the user mentions a specific Mirror pipeline name alongside a problem — even if they don't say 'mirror' explicitly, if they're using `goldsky pipeline` commands (not `goldsky turbo`), this is the right skill. Runs CLI commands directly to check status, read errors, identify root cause, and apply fixes. For YAML syntax or config reference, use /mirror instead. For turbo pipeline problems, use /turbo-doctor instead.