Security & Testing Agent Skills

Security Reviewer

Conducts comprehensive security audits and vulnerability assessments to identify and remediate code and infrastructure risks.

Systematic Debugging Framework

Implements a rigorous four-phase debugging methodology to identify root causes and ensure stable, long-term software fixes.

Playwright E2E Specialist

Builds robust, maintainable end-to-end browser tests using Playwright best practices and the Page Object Model.

Git Branch Protection

Enforces safe Git workflows by blocking direct pushes to primary branches and preventing unapproved force pushes within Claude Code.

Claude Eval Harness

Implements a formal evaluation framework for Claude Code sessions using Eval-Driven Development (EDD) principles.

PICT Test Designer

Generates optimized pairwise test cases and combinatorial models from software requirements or code.

Test-Driven Development Mastery

Enforces a rigorous Red-Green-Refactor workflow to ensure high-quality, verified production code through strict TDD principles.

Verification Loop

Standardizes code quality through a rigorous six-phase verification process covering builds, types, linting, tests, security, and diffs.

TDD Workflow Enforcer

Implements a rigorous test-driven development cycle ensuring 80% code coverage across unit, integration, and end-to-end tests.

Security Review & Audit

Enforces rigorous security standards and identifies vulnerabilities across authentication, data handling, and API implementation.

Smart Test Fixing

Systematically identifies, groups, and resolves failing test suites using an intelligent root-cause analysis workflow.

PHP Security Essentials

Implements industry-standard PHP security patterns and hardening techniques to protect applications against OWASP Top 10 vulnerabilities.

Rust Unsafe & FFI Guide

Provides expert guidance and safety patterns for writing sound unsafe code and FFI bindings in Rust.

PCI DSS Compliance Guidelines

Implements secure payment processing and cardholder data handling patterns following PCI DSS v4.0 standards.

HIPAA Compliance Guide

Provides expert guidance and technical safeguards for developing HIPAA-compliant healthcare applications and handling Protected Health Information (PHI).

SOC 2 Compliance Specialist

Guides developers through the implementation of SOC 2 Trust Services Criteria, from access controls to audit-ready logging and evidence collection.

GDPR Compliance Expert

Implements GDPR-compliant coding patterns and privacy-by-design principles to protect user data and ensure legal adherence.

Cloudflare Turnstile Integration

Implements secure, privacy-focused bot protection and spam prevention using Cloudflare Turnstile.

PCI Compliance & Secure Payments

Implements PCI DSS requirements and secure payment handling patterns to protect cardholder data and ensure regulatory compliance.

Agent Evaluation Framework

Evaluates AI agent workflows and performance using a comprehensive framework based on Anthropic's best practices.

Web Application Testing

Automates browser-based testing and UI verification for local web applications using Playwright.

Azure Auth for React & Cloudflare Workers

Implements secure Microsoft Entra ID authentication for React SPAs and Cloudflare Workers using MSAL.js and serverless JWT validation.

Feature Status Tracker

Automates the detection and counting of failing Gherkin features to orchestrate autonomous coding loops.

Security Design Patterns

Implements robust security layers including client-side encryption, API key management, and schema-based input validation.

Promptfoo LLM Testing

Evaluates and compares LLM outputs using an automated testing framework to ensure prompt reliability and quality.

Vamsa Testing Standards

Implements high-quality unit and E2E testing patterns for the Vamsa genealogy application using Vitest and Playwright.

Auth0 Security Specialist

Implements and optimizes Auth0 security features including attack protection, multi-factor authentication, and advanced token security standards.

Verify Before Complete

Enforces a strict evidence-based workflow that requires running fresh verification commands before claiming any task is finished or successful.

Testing Patterns & Strategies

Provides standardized testing templates and strategies for Vitest, Jest, and Supertest to ensure high code quality across frontend and backend environments.

Playwright Browser Automation

Automates browser interactions, end-to-end testing, and UI validation with automatic development server detection.