AI Skill Library

Security, Testing & Compliance

40 skills across 4 categories.

Application security (7)

  • django-security: Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secu… (risk: high, Free)
  • laravel-security: Laravel security best practices for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secu… (risk: high, Free)
  • llm-trading-agent-security: Security patterns for autonomous trading agents with wallet or transaction authority. Covers prompt injection, spend limits, pre-s… (risk: medium, Free)
  • perl-security: Comprehensive Perl security covering taint mode, input validation, safe process execution, DBI parameterized queries, web security… (risk: high, Free)
  • security-auditor: Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks. (risk: high, Free)
  • security-review: Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing paym… (risk: high, Free)
  • top-web-vulnerabilities: This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "unde… (risk: high, Free)

Compliance (14)

  • advogado-criminal: Senior Brazilian criminal-defense lawyer specialized in Maria da Penha (domestic-violence law), domestic violence, femicide, Brazi… (risk: low, Free)
  • advogado-especialista: Elite Brazilian generalist lawyer covering all areas of Brazilian law: family, criminal, labor, tax, consumer, real-estate, busine… (risk: low, Free)
  • contract-review: You are a contract review assistant for an in-house legal team. You analyze contracts against the organization's negotiation playb… (risk: low, Free)
  • data-privacy-compliance: Data privacy and regulatory compliance specialist for GDPR, CCPA, HIPAA, and international data protection laws. Use when implemen… (risk: medium, Free)
  • fda-consultant-specialist: Senior FDA consultant and specialist for medical device companies including HIPAA compliance and requirement management. Provides … (risk: medium, Free)
  • fda-medtech-compliance-auditor: Expert AI auditor for Medical Device (SaMD) compliance, IEC 62304, and 21 CFR Part 820. Reviews DHFs, technical files, and softwar… (risk: medium, Free)
  • healthcare-phi-compliance: Protected Health Information (PHI) and Personally Identifiable Information (PII) compliance patterns for healthcare applications. (risk: medium, Free)
  • hipaa-compliance: HIPAA-specific entrypoint for healthcare privacy and security work. Use when a task is explicitly framed around HIPAA, PHI handlin… (risk: medium, Free)
  • iso-13485-certification: Comprehensive toolkit for preparing ISO 13485 certification documentation for medical device Quality Management Systems. Use when … (risk: medium, Free)
  • legal-advisor: Draft privacy policies, terms of service, disclaimers, and legal notices. Creates GDPR-compliant texts, cookie policies, and data … (risk: low, Free)
  • leiloeiro-juridico: Legal analysis of auctions: nullities, family homestead, fiduciary alienation, CPC arts. 829-903, Law 9514/97, real encumbrances, objections … (risk: low, Free)
  • pci-compliance: Implement PCI DSS compliance requirements for secure handling of payment card data and payment systems. Use when securing payment … (risk: high, Free)
  • pci-compliance: Master PCI DSS (Payment Card Industry Data Security Standard) compliance for secure payment processing and handling of cardholder … (risk: high, Free)
  • quality-nonconformance: Codified expertise for quality control, non-conformance investigation, root cause analysis, corrective action, and supplier qualit… (risk: low, Free)

Offensive / pentest (7)

  • active-directory-attacks: Provide comprehensive techniques for attacking Microsoft Active Directory environments. Covers reconnaissance, credential harvesti… (risk: high, Free)
  • analyzing-slack-space-and-file-system-artifacts: Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data and reconstruct file … (risk: high, Free)
  • Attack Tree Construction: Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or commun… (risk: high, Free)
  • binary-analysis-patterns: Comprehensive patterns and techniques for analyzing compiled binaries, understanding assembly code, and reconstructing program log… (risk: low, Free)
  • html-injection-testing: This skill should be used when the user asks to "test for HTML injection", "inject HTML into web pages", "perform HTML injection a… (risk: high, Free)
  • libafl: LibAFL is a modular fuzzing library for building custom fuzzers. Use for advanced fuzzing needs, custom mutators, or non-standard … (risk: low, Free)
  • sherlock: OSINT username search across 400+ social networks. Hunt down social media accounts by username. (risk: low, Free)

Testing (12)

  • component-fixtures: Use when creating or updating component fixtures for screenshot testing, or when designing UI components to be fixture-friendly. C… (risk: low, Free)
  • conductor-validator: Validates Conductor project artifacts for completeness, consistency, and correctness. Use after setup, when diagnosing issues, or … (risk: low, Free)
  • create-test-datasets: Create test datasets (hits, visits, tpcds, tpch) from standard scripts. Ensures the server is running first. (risk: low, Free)
  • django-verification: Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks b… (risk: medium, Free)
  • integration-tests: Use when running integration tests in the VS Code repo. Covers scripts/test-integration.sh (macOS/Linux) and scripts/test-integrat… (risk: low, Free)
  • remote-tests: How to run tests using remote executor. (risk: low, Free)
  • skip-test-with-issue: Skip a flaky or broken test with proper issue tracking. Use when asked to skip a test, disable a test, or mark a test as flaky. (risk: low, Free)
  • smoke-test: End-to-end smoke test skill for DeerFlow. Guides through: 1) Pulling latest code, 2) Docker OR Local installation and deployment (… (risk: medium, Free)
  • test: Use when you need to run tests for React core. Supports source, www, stable, and experimental channels. (risk: low, Free)
  • unit-tests: Use when running unit tests in the VS Code repo. Covers the runTests tool, scripts/test.sh (macOS/Linux) and scripts/test.bat (Win… (risk: low, Free)
  • verify: Use when you want to validate changes before committing, or when you need to check all React contribution requirements. (risk: low, Free)
  • write-frontend-tests: Analyze the current branch diff against dev, plan integration tests for changed frontend pages/components, and write them. TRIGGER… (risk: low, Free)