Loading...
Loading...
Found 1,565 Skills
WooYun business logic vulnerability methodology — 22,132 real cases across 6 domains (authentication bypass, authorization bypass, payment tampering, information disclosure, logic flaws, misconfiguration) and 33 vulnerability classes. It can be used for ANY security testing, auditing, or code review of web apps, APIs, or business systems, even without explicit "security" keywords. Triggers: penetration testing, security audit, vulnerability, bug bounty, payment security, IDOR, password reset, weak credentials, unauthorized access, race condition, parameter tampering, code review, penetration testing, security audit, vulnerability mining, payment security, privilege escalation, logic vulnerability, business security, SRC, code audit. It also triggers on implicit intent: "test this endpoint", "find bugs", "can I bypass this", "help me test this interface", "can this parameter be modified", "help me find bugs".
Use when writing or changing tests, adding mocks, or tempted to add test-only methods to production code - prevents testing mock behavior, production pollution with test-only methods, and mocking without understanding dependencies
Expert product analytics strategist for SaaS and digital products. Use when designing product metrics frameworks, funnel analysis, cohort retention, feature adoption tracking, A/B testing, experimentation design, data instrumentation, or product dashboards. Covers AARRR, HEART, behavioral analytics, and impact measurement.
LLM and AI testing patterns — mock responses, evaluation with DeepEval/RAGAS, structured output validation, and agentic test patterns (generator, healer, planner). Use when testing AI features, validating LLM outputs, or building evaluation pipelines.
Instrument, trace, evaluate, and monitor LLM applications and AI agents with LangSmith. Use when setting up observability for LLM pipelines, running offline or online evaluations, managing prompts in the Prompt Hub, creating datasets for regression testing, or deploying agent servers. Triggers on: langsmith, langchain tracing, llm tracing, llm observability, llm evaluation, trace llm calls, @traceable, wrap_openai, langsmith evaluate, langsmith dataset, langsmith feedback, langsmith prompt hub, langsmith project, llm monitoring, llm debugging, llm quality, openevals, langsmith cli, langsmith experiment, annotate llm, llm judge.
Run single-file C# programs as scripts for quick experimentation, prototyping, and concept testing. Use when the user wants to write and execute a small C# program without creating a full project.
Activate this skill when BenchmarkDotNet (BDN) is involved in the task — creating, running, configuring, or reviewing BDN benchmarks. Also activate when microbenchmarking .NET code would be useful and BenchmarkDotNet is the likely tool. Consider activating when answering a .NET performance question requires measurement and BenchmarkDotNet may be needed. Covers microbenchmark design, BDN configuration and project setup, how to run BDN microbenchmarks efficiently and effectively, and using BDN for side-by-side performance comparisons. Do NOT use for profiling/tracing .NET code (dotnet-trace, PerfView), production telemetry, or load/stress testing (Crank, k6).
Manage beta app review submissions and review contact details for TestFlight external testing using the `asc` CLI tool. Use this skill when: (1) Submitting a build for beta app review: "asc beta-review submissions create --build-id ID" (2) Checking beta review submission status: "asc beta-review submissions list --build-id ID" (3) Getting a specific submission: "asc beta-review submissions get --submission-id ID" (4) Getting beta review contact details: "asc beta-review detail get --app-id ID" (5) Updating beta review contact info or demo account: "asc beta-review detail update --detail-id ID ..." (6) User says "submit for beta review", "TestFlight review", "beta review status", "beta review contact", "external testing review", or any beta app review task
Manage ASC plugins that extend the CLI with custom event handlers using the `asc` CLI tool. Use this skill when: (1) Listing installed plugins: "asc plugins list" (2) Installing a plugin: "asc plugins install PATH" (3) Removing a plugin: "asc plugins uninstall --name NAME" (4) Enabling or disabling plugins: "asc plugins enable/disable --name NAME" (5) Testing a plugin manually: "asc plugins run --name NAME --event EVENT" (6) User asks to "create a plugin", "add Slack notifications", "wire up a Telegram bot on build upload", or "extend the CLI with a custom handler" (7) Explaining the plugin protocol (manifest.json + run executable + JSON stdin/stdout)
Deep analysis debugging mode for complex issues. Activates methodical investigation protocol with evidence gathering, hypothesis testing, and rigorous verification. Use when standard troubleshooting fails or when issues require systematic root cause analysis.
Model configuration editor for ~/.pi/agent/models.json with multi-protocol curl testing support.
Uses Riverpod for state management in Flutter/Dart. Use when setting up providers, combining requests, managing state disposal, passing arguments, performing side effects, testing providers, or applying Riverpod best practices.