Loading...
Loading...
Found 80 Skills
Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled input reaches. AI agents running in CI/CD pipelines.
Analyzes Rails code quality, architecture, and patterns without modifying code. Use when the user wants a code review, quality analysis, architecture audit, or when user mentions review, audit, code quality, anti-patterns, or SOLID principles. WHEN NOT: Actually implementing fixes (use specialist agents), writing new tests (use rspec-agent), or generating new features.
Augments Trailmark code graphs with external audit findings from SARIF static analysis results and weAudit annotation files. Maps findings to graph nodes by file and line overlap, creates severity-based subgraphs, and enables cross-referencing findings with pre-analysis data (blast radius, taint, etc.). Use when projecting SARIF results onto a code graph, overlaying weAudit annotations, cross-referencing Semgrep or CodeQL findings with call graph data, or visualizing audit findings in the context of code structure.
Use when writing modern PHP 8.x code — enums, fibers, readonly properties, PSR standards, Composer, static analysis, SOLID patterns. Trigger conditions: PHP code authoring, enum design, readonly DTO creation, PSR-4 autoloading setup, PHPStan or Psalm configuration, PHP CS Fixer or Pint setup, Composer dependency management, SOLID principle application, type safety improvements, custom exception hierarchies, interface-driven design.
Automated code review and analysis. Use when: user wants to review code changes, check for issues, analyze complexity, or perform security scans.
Use when building WordPress plugins or themes. Covers plugin architecture, plugin header and text domain, register_activation_hook, register_deactivation_hook, uninstall.php, settings API (add_options_page, register_setting), $wpdb and dbDelta for custom tables, schema upgrades, transients, data storage patterns, WP_CLI custom commands, PHPStan configuration, phpcs (WordPress coding standards linting), PHPUnit testing, wp scaffold plugin, PSR-4 autoloading, and build/deploy workflows.
Dead code cleanup and consolidation specialist. Use PROACTIVELY for removing unused code, duplicates, and refactoring. Runs analysis tools to identify dead code and safely removes it.
Runs real-time safety analysis for instructions involving destructive operations, permission changes, irreversible actions, prompt injection, or compliance-sensitive operations. Evaluates risk level, destructiveness, and reversibility via backend API. Use when asked for safety check, risk assessment, security audit, destructive check, instruction audit, or Modeio safety scan. Also use proactively before executing any instruction that deletes data, modifies permissions, drops or truncates tables, deploys to production, or alters system state irreversibly. Also supports pre-install Skill Safety Assessment for third-party skill repositories via a static prompt contract.