Set a secret. Requires authentication. Use for Agentuity cloud platform operations
**DEFAULT for AI agent safety reviews — dispatches security-auditor + risk-and-controls-reviewer with AI/agent safety focus.**
Enforce Input/Output Guardrails at the LLM Gateway layer — PII redaction, Prompt Injection defense, Jailbreak detection, Toxicity filter, and Tool Allow-list.
Generate CI/CD pipeline (GitHub Actions / GitLab CI) with linting, static analysis, tests, security. Use when user says "ci", "setup ci", "github actions", "gitlab ci", "pipeline".
Perform code review on staged changes or a pull request. Checks for bugs, security issues, performance problems, and best practices.
Security audit checklist based on OWASP Top 10 and best practices. Covers authentication, injection, XSS, CSRF, secrets management, and more.
Quick operations on `src/data/data.sqlite` — inspect the current schema, add a single column to an existing table via Drizzle migration, seed 2-5 test rows, or run a read-only…
Reviews API and infrastructure security configuration, including endpoints, headers, transport, and deployment settings. Use when auditing API or infrastructure hardening.
Use when the user asks to reconcile AppDirect marketplace billing, see which payments failed or stalled across every reseller company, find active-but-unbilled or overdue…
Review code or a module implementation against PMTL_VN architecture contracts. Flags ownership violations, missing audit/rate-limit, wrong async boundaries, security gaps, and…
Assesses and rates quality 0-10 across multiple dimensions (correctness, maintainability, security, performance, testability, simplicity) with pros/cons analysis.
Every Atera RMM + PSA endpoint, plus a local SQLite mirror that answers fleet-health, SLA, and book-of-business questions no single API call can.
Deploy a QA agent swarm to analyze the codebase and produce a prioritized findings report, implementation spec, and test plan.
개별 공격 기법의 실현 가능성을 빠르게 실험. 하네스 루프에서 특정 기법이 불확실할 때 사용. Use when testing a specific AWS attack technique, verifying if an exploit works, or exploring a new attack surface before…
Generate SITF-compliant attack flow JSON files from attack descriptions or incident reports. Use when analyzing supply chain attacks, breaches, or security incidents.
MITRE ATT&CK technique mapping for a CVE or every entry in `.vulnetix/memory.yaml`. Use when planning detection coverage gaps, mapping a CVE to defender controls, building an…
Composite: security audit -> production upgrade -> self-evaluation. Use when user says 'audit', 'check the codebase', 'find and fix issues', or 'is this production-ready'.
Analyze environment variables in JavaScript/TypeScript projects. Identifies unused variables, infers permission scopes, detects specific services (Stripe, AWS, Supabase), and…
For a batch of findings from a non-security audit tool (`
` — ruff / flake8 / mypy / pylint / CodeQL / Apache Verum / Apache Caer / equivalent; full list in the body)…
Single-pass codebase analysis leveraging Opus 4.6 1M context for comprehensive security scanning, architecture review, and dependency auditing.
Audits existing table permissions on a Power Pages site by analyzing them against site code and Dataverse metadata.
Comprehensive audit capabilities for security, code quality, module structure, compliance, and performance analysis.
모든 사용자 발화·agent 행동·phase 전환·gate 판정을 ISO 8601 타임스탬프와 함께 감사 로그에 기록한다. 사용자 입력은 축약·요약 없이 verbatim blockquote로 보존하며, SOC2·ISMS-P 감사 요구사항에 매핑되는 보존 정책(30·90·365일)을 프로젝트별로 선택한다.
Use this skill to verify milestone achievement against its definition of done, checking requirements coverage, cross-phase integration, and end-to-end flows.
Analyzes a single web page URL for SEO quality, identifying issues with title tags, meta descriptions, heading structure, and content.
Use when: auditing a website URL or codebase, checking site health score, SEO audit, performance audit, security scan, accessibility audit, mobile audit, broken links, meta tags,…
All-in-one fullstack dev engine. /aura: 46 modes (build/fix/clean/deploy/review/spec/lore/ax/experiment/payment/debug/qa/orchestrate/escalate+), 6-layer security with 32 hooks,…
Audit authentication and authorization patterns. Checks JWT, sessions, OAuth2, PKCE implementations for security best practices and common vulnerabilities.
Use when: reviewing, designing, implementing, or testing auth/security claim contracts for optional claims, JWT/OIDC/SAML/session/token claims, missing-vs-invalid semantics,…
Conducts a comprehensive authentication security review covering login, sessions, tokens, and credential handling. Use when auditing authentication for vulnerabilities.
Use when the user asks to triage the Autotask service desk, find unbilled or uninvoiced time before a billing run, check contract burn or retainer run-out, pull a company 360, age…
Guides container vulnerability remediation using Averlon MCP. Use when the user wants to fix container vulnerabilities, update Dockerfile packages, or get Averlon container…
Use when the user asks to check Axcient x360Recover backups across an MSP fleet - whose backups failed or went stale last night, who is breaching RPO, per-client backup-compliance…
Audit an AI agent benchmark for hackability. Detects evaluation vulnerabilities like missing isolation, leaked answers, eval() on untrusted input, prompt injection in LLM judges,…
Use when the user asks to check what's down in Better Stack, find monitors that would page nobody, report incident MTTA/MTTR, see who's on call or where on-call has gaps, rank…
Use when: billing audit, subscription lifecycle review, Stripe/Paddle integration check, webhook security, payment form CSRF, pricing centralization, webhook idempotency, billing…
Use when the user asks to triage Blumira findings across client accounts, see what changed in Blumira since the last sync, check detection-coverage drift versus the basis ruleset,…
Полный аудит бота: 3 senior-ревью (баги, security, рефакторинг) + 5 QA-агентов (50 тестов по 10) + health-check. 8 параллельных агентов.
Generate contextual briefings for legal work — daily summary, topic research, or incident response. Use when starting your day and need a scan of legal-relevant items across…
Probe a site's authentication flow for redirect leaks, missing CSRF, weak session cookies, and OAuth misconfiguration; produces an auth findings.md
Zero-tolerance multi-agent code annihilation system. Spawns parallel brutal agents for Security, Architecture, Quality, Performance, and Style review with full MCP integration.
Analyzes business logic for security flaws such as workflow bypasses, race conditions, and abuse cases. Use when reviewing application logic for exploitable behavior.
Captures a validated learning into the Memory Graph (SQLite). Invoke when: a bug is resolved non-obviously, a pattern is discovered, the user corrects a mistake, or a solution…
Audits a GitHub Actions workflow YAML file (or a directory under `.github/workflows/`) against 30 deterministic checks (top-level `name:`, permissions, timeouts, concurrency,…
Prueft Helm Chart-Dateien eines Kamerplanter-Komponente auf NFR-002-Konformitaet: SecurityContext, NetworkPolicies, Resource Limits, Health Probes,…
USE FOR anything touching CIBA backchannel auth — cibaService.js, cibaEnhanced.js, routes/ciba.js, CIBAPanel.js UI, CIBA grant type (urn:openid:params:grant-type:ciba),…
Use when the user asks to roll up Microsoft 365 posture across all their CIPP tenants (MFA, Conditional Access, Standards, BPA), find unused M365 licenses, flag stale accounts,…
5 expert personas debate proposed changes before implementation. Catches architectural, security, performance, and UX issues early.
Comprehensive codebase cleanup across 11 quality dimensions: dead code, duplication, weak types, circular deps, defensive cruft, legacy code, AI slop, type consolidation,…
Erstellt Mandantenbriefe in einfacher, verständlicher Sprache – kein Juristenjargon. Übersetzt komplexe Bescheids-, Widerspruchs- oder Klageinhalte in klare, handlungsori — from…
Tworzy i rozbudowuje profesjonalne dokumenty ofertowe dla klientów w formacie .docx. Zachowuje ustalony styl — nagłówki bez numeracji, zwięzłe listy (2-3 punkty), tabele…
API reference for CoinMarketCap cryptocurrency endpoints including quotes, listings, OHLCV, trending, and categories.
API reference for CoinMarketCap DEX endpoints including token lookup, pools, transactions, trending, and security analysis.
Audits the entire codebase for bugs, security vulnerabilities, CLAUDE.md violations, dead code, duplicate code, and test quality issues.
Review code for quality, correctness, and security vulnerabilities. Use when the user asks to review code, audit for security issues, or check for bugs and anti-patterns.
Generate a comprehensive codebase profile — architecture topology, dependency graph, code quality metrics, security surface, test posture, and infrastructure snapshot.
Use when you need a comprehensive code review combining architecture, security, and test perspectives - especially before merging, releasing, or after major changes.
Run Codex adversarial review — actively tries to break confidence in the change. Use when asked \"adversarial review\", \"적대적 리뷰\", or wants thorough security/correctness…
Porter 5 Forces + game-theory primer for a specific market — equilibrium prediction, response-game tree, exit scenarios. Routes to red-team-strategist agent.
Build a compliance bundle — CycloneDX SBOM, SPDX license report, SARIF findings, OpenVEX/CycloneDX VEX, optional cosign signatures, manifest.json with SHA-256 sums, Markdown…