Loading...
Loading...
Found 18 Skills
Harvest every `ponytail:` comment in the codebase into a debt ledger, so the deliberate shortcuts and deferrals ponytail leaves behind get tracked instead of rotting into "later means never". Use when the user says "ponytail debt", "/ponytail-debt", "what did ponytail defer", "list the shortcuts", "ponytail ledger", or "what did we mark to do later". One-shot report, changes nothing.
Scans source code, configuration files, and git history for hardcoded credentials, API keys, and tokens. Use when auditing repositories for security leaks or ensuring sensitive data is not committed to version control.
GoPlus AgentGuard — AI agent security guard. Automatically blocks dangerous commands, prevents data leaks, and protects secrets. Use when reviewing third-party code, auditing skills, checking for vulnerabilities, evaluating action safety, or viewing security logs.
Verify code for security issues including hardcoded secrets, input validation, error exposure, and dependency vulnerabilities. Use when asked to "verify security", "check for secrets", or "scan for vulnerabilities".
Generate marketing demo HTML for any repository using a hook+demo pipeline. This skill scans source code into <code="..."> blocks, creates plan outlines, generates hook/demo HTML, and optionally merges them. Use when you need one-click demo generation for arbitrary repos with Gemini CLI (`gemini -m`), including selectable hook templates (`text`, `shorts`, `4methods`).
Scans code for performance and scalability issues — N+1 queries, missing indexes, unbounded queries, memory inefficiencies, caching gaps, algorithmic complexity, concurrency bugs, and frontend performance problems. Generates severity-scored findings with copy-pasteable fix prompts. Trigger phrases: "performance audit", "performance check", "N+1 detection", "query optimization", "slow code", "performance review".
Semgrep integration. Manage Rules, Scans. Use when the user wants to interact with Semgrep data.
Provides comprehensive guidance for generating API documentation by scanning code interfaces, extracting request/response information, and creating standardized API documentation. Use ONLY when the user explicitly mentions generating API documentation, creating API docs, scanning interfaces, or documenting APIs. The skill scans Controller classes, extracts interface information (URL, method, parameters, response), and generates documentation following standard templates. Do NOT trigger for generic documentation requests without explicit API documentation mention.
This skill should be used when the user asks to 'optimize performance', 'check for memory leaks', 'improve performance', 'performance tuning', 'adjust performance', or mentions performance issues in Adobe Animate or CreateJS projects.
Scans code for error handling and resilience issues — swallowed exceptions, missing try/catch on external calls, unhandled promise rejections, missing transactions, validation gaps, retry/timeout omissions, and logging blind spots. Generates severity-scored findings with copy-pasteable fix prompts. Trigger phrases: "error handling check", "exception audit", "resilience check", "try/catch review", "error handling audit".
Review uncommitted or recently changed files for privacy-by-design rule violations (based on privacy laws like GDPR and LGPD) before committing.
Autonomous rule adherence checker. Scans the codebase for rule violations, fixes the highest-impact ones in an isolated worktree, runs full validation, creates a PR. Uses memory to track progress across runs.