'Create and manage redirects in VS Code documentation when pages are moved, renamed, or deleted. Use when moving docs pages, renaming files, restructuring content, or when the user asks about redirects.'

Provides best practices and guidance for working with Rush monorepos. Use when the user is working in a Rush-based repository, asks about Rush commands (install, update, build, rebuild), needs help with project selection, dependency management, build caching, subspace configuration, or troubleshooting Rush-specific issues.

> Best practices for building agents and agentic applications with Plano — the AI-native proxy and dataplane. Covers configuration, routing, agent orchestration, filter chains, observability, CLI oper

**Version 1.0.0**

**Version 1.0.0**

Generates beautiful, consistent Preline Theme CSS files. Agent interprets user request, runs build script, delivers complete CSS.

Documentation for the Trellis agent system - specialized AI agents for different development phases.

Use this skill when the user is working with an Aspire distributed application and needs to operate the AppHost or its resources through the Aspire CLI: start, restart, stop, or wait on the app; inspect resources, logs, traces, docs, or health; add integrations; manage secrets or config; publish, deploy, or rerun a named pipeline step; initialize Aspire in an existing app; recover missing `.modules` files in a TypeScript AppHost; discover the right frontend URL for Playwright from Aspire state; expose custom dashboard/resource commands; or understand unfamiliar Aspire AppHost APIs in C# or TypeScript. Use it even if they describe the task in terms of an AppHost, resources, dashboard, existing app bootstrap, missing generated modules, Playwright URL discovery, C# API understanding, or local distributed app workflow without explicitly naming Aspire. Do not use it for non-Aspire .NET apps, container-only repos with no AppHost, or ordinary build and test tasks.

Guide for writing Aspire deployment end-to-end tests. Use this when asked to create, modify, or debug deployment E2E tests that deploy to Azure.

Updates Docker container image tags used by Aspire hosting integrations. Queries registries for newer tags, uses LLM to determine version-compatible updates, and applies changes. Use this when asked to update container image versions.

Reproduces and fixes flaky or quarantined tests. Tries local reproduction first (fast), then falls back to CI reproduce workflow (reproduce-flaky-tests.yml). Use this when asked to investigate, reproduce, debug, or fix a flaky test, a quarantined test, or an intermittently failing test.

Review a GitHub pull request for problems. Use when asked to review a PR, do a code review, check a PR for issues, or review pull request changes. Focuses only on identifying problems — not style nits or praise.

Guide for writing Aspire CLI end-to-end tests using Hex1b terminal automation. Use this when asked to create, modify, or debug CLI E2E tests.

Guide for diagnosing GitHub Actions test failures, extracting failed tests from runs, and creating or updating failing-test issues. Use this when asked to investigate GitHub Actions test failures, download failure logs, create failing-test issues, or debug CI issues.

Quarantines or disables flaky/problematic tests using the QuarantineTools utility

Specialized agent for creating and improving Connection Properties in Aspire resource and README files

Generate well-formatted git commit messages following conventional commit standards

>

Writes TypeSpec http-client-python generator mock API tests (azure/unbranded/shared) from a Spector case. Use when given a Spector case link or a PR link that modifies Spector cases under http-specs/azure-http-specs.

Discovers and implements gaps in Spector test coverage for the C# HTTP client emitter. Use when asked to find missing Spector scenarios, add Spector test coverage, or implement a specific Spector spec for the C# emitter.

Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through

Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and

Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps

'Analyzes bootkit and advanced rootkit malware that infects the Master Boot Record (MBR), Volume Boot Record

Analyze Chromium-based browser artifacts using Hindsight to extract browsing history, downloads, cookies, cached

Monitor Certificate Transparency logs using crt.sh and Certstream to detect phishing domains, lookalike certificates,

'Analyzes malware command-and-control (C2) communication protocols to understand beacon patterns, command structures,

'Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases

Perform comprehensive forensic analysis of disk images using Autopsy to recover files, examine artifacts, and

Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to

Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify

'Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts

'Performs runtime mobile security exploration of iOS applications using Objection, a Frida-powered toolkit that

'Analyzes malicious Linux ELF (Executable and Linkable Format) binaries including botnets, cryptominers, ransomware,

Analyze Windows LNK shortcut files and Jump List artifacts to establish evidence of file access, program execution,

'Analyzes malicious VBA macros embedded in Microsoft Office documents (Word, Excel, PowerPoint) to identify download

Perform static analysis of malicious PDF documents using peepdf, pdfid, and pdf-parser to extract embedded JavaScript,

URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content,

'Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system

Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families

Analyze the NTFS Master File Table ($MFT) to recover metadata and content of deleted files by examining MFT record

'Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including

'Analyzes network traffic generated by malware during sandbox execution or live incident response to identify

'Captures and analyzes network packet data using Wireshark and tshark to identify malicious traffic patterns,

Analyze Microsoft Outlook PST and OST files for email forensic evidence including message content, headers, attachments,

'Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to identify embedded JavaScript, shellcode,

'Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to

'Parses Software Bill of Materials (SBOM) in CycloneDX and SPDX JSON formats to identify supply chain vulnerabilities

Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data

Investigate supply chain attack artifacts including trojanized software updates, compromised build pipelines,