Security & Testing Agent Skills

DeepEval LLM Testing

Implements robust pytest-style evaluation frameworks to measure LLM performance, RAG quality, and output faithfulness.

1Password Secrets Reader

Retrieves credentials, API keys, and secure documents from 1Password using the official op CLI integration.

1Password Secret Creator

Automates the creation of secure 1Password items including logins, API keys, and notes via the 1Password CLI.

Promptfoo Config

Streamlines the configuration and execution of promptfoo for rigorous LLM evaluation and regression testing.

Systematic Debugging

Employs a disciplined methodology to identify and resolve the root causes of software bugs rather than masking symptoms.

Security Review Methodology

Analyzes implementation changes for security vulnerabilities and risks using a structured framework based on industry best practices.

AI Agent Evaluation Framework

Builds robust evaluation frameworks to measure performance, validate context engineering, and track improvements in agentic systems.

Strict Verification Gate

Enforces rigorous evidence-based verification before making any claims of task completion or success.

E2E Testing Patterns

Implement reliable, high-performance end-to-end test suites using industry-standard patterns for Playwright and Cypress.

Advanced Debugging Strategies

Implements systematic debugging workflows, root cause analysis, and performance profiling across multiple programming languages and environments.

Python Testing Patterns

Implements comprehensive Python testing strategies using pytest, fixtures, mocking, and advanced patterns for robust software quality.

Authentication & Authorization Patterns

Implements secure access control systems using industry-standard patterns like JWT, OAuth2, and RBAC to protect web applications and APIs.

Web3 Smart Contract Testing

Automates comprehensive smart contract validation using Hardhat and Foundry frameworks for robust blockchain applications.

DevSecOps Guideline Lookup

Provides comprehensive guidance on DevSecOps phases, security tools, and CI/CD integration patterns based on OWASP standards.

SCA Runner

Runs Software Composition Analysis (SCA) to identify and mitigate vulnerabilities in project dependencies across multiple languages.

Container Security Scanner

Audits Dockerfiles for best practices and scans container images for security vulnerabilities using industry-standard tools like Hadolint and Trivy.

Accessibility Self-Check

Validates generated UI code against WCAG 2.1 AA standards to ensure highly accessible and compliant web components.

Secret Scanner

Scans git repositories for hardcoded secrets, credentials, and API keys to prevent security breaches and data leaks.

SEO & Accessibility Analyzer

Audits web source files for SEO best practices and WCAG 2.1 AA accessibility compliance.

TDD Workflow

Implements a rigorous test-driven development cycle by writing failing tests before coding the implementation.

Security Hint

Identifies potential security vulnerabilities and secret exposures in real-time to promote safer development practices.

TDD Methodology

Implements a rigorous test-driven development workflow with spec traceability and multi-tier testing patterns.

Project Auditor

Conducts comprehensive production-readiness audits to identify security vulnerabilities, code quality issues, and infrastructure gaps in AI-generated or legacy projects.

Code Quality Standards

Establishes robust testing frameworks, CI/CD pipelines, and automated quality gates to maintain high software reliability.

Testing Philosophy

Implements universal principles for writing robust, maintainable tests by focusing on behavior over implementation details.

Clerk Auth for Next.js & Convex

Integrates robust Clerk authentication patterns into Next.js applications with Convex backend synchronization.

LLM Evaluation & Testing

Automates LLM prompt testing and performance evaluation using Promptfoo to ensure model reliability and security.

SPI Parallel & GF(3) Verifier

Ensures mathematical consistency and execution order invariance for deterministic color streams and tripartite data.

BDD Mathematical Verification

Verifies mathematical formulas and expressions using Behavior-Driven Development workflows and automated LaTeX extraction.

Automated Code Review

Conducts comprehensive automated code reviews for pull requests to enhance security, performance, and code quality.