Code review specialist for quality, security, and best practices
Skills (SKILL.md) are configuration files that add specific capabilities to AI agents (Claude Code, Cursor, Codex, etc.).
A skill for analyzing and visualizing app store review CSV data. Use when the user provides an app store review CSV file or requests review analysis. The CSV must contain the columns id, date, user_name, title, content, rating, app_version.
Evaluate an HLD note against linked ADRs, requirements, and architecture principles across six dimensions
Have OpenAI Codex review the current branch with documentation research. Use for second-opinion code reviews or when you want cross-AI verification.
Acting as template repo maintainer: review proposals in `localdocs/proposals/` and optionally apply accepted ones to the upstream template.
Transform Claude into an expert code reviewer following industry best practices.
Orchestrate Agent Teams for parallel multi-session collaboration. Use for research, implementation, review, and debug workflows requiring independent teammates.
Plans the next sprint with PM analysis, multi-agent technical table, and roadmap generation. Use to plan sprints, prioritize features, convene technical tables.
Self-improvement loop triggered after any user correction. Captures mistakes as prevention rules in tasks/lessons.md so the same error is never repeated.
Draft a detailed Non-Disclosure Agreement between two parties covering information types, jurisdiction, and clauses needing legal review. Use when creating confidentiality agreements or preparing an NDA for a partnership.
Performs a security and safety review of deployment scripts. Checks rollback procedures, incident response, and permission settings.
Confidence-based model tier escalation for agent tasks. Defines when to escalate from Haiku to Sonnet to Opus, escalation signals, and the never-skip-tiers rule. Use when an agent fails or underperforms.
Post-draft diagnostic for sermon and book writing. Scans for machine tells, assesses authenticity risk, checks voice continuity against the author's sermon corpus. Fires after writing is complete or when reviewing existing drafts. For during-writing standards, see like-a-human.
Meta-level analysis of plan vs execution to identify process improvements. Analyzes divergence patterns and suggests updates to CLAUDE.md, agents, and skills.
Load this skill when writing tests, reviewing test coverage, setting up testing strategies, or ensuring code quality. Covers the testing pyramid, unit/integration/e2e test standards, naming conventions, and mandatory 90% coverage requirements.
startproject
Run a weekly retrospective across Threads and note outputs, then propose next-step improvements. Use for recurring optimization.
Product management: PRDs, RICE prioritization, metrics
METAINFORMANT rules for directory scripts/menu. Use when editing, adding tests, or reviewing code under this path. Read the linked AGENTS.md first; use uv only, write outputs to output/, no mocks.
Applies only when **all** are true:
METAINFORMANT rules for directory src/metainformant/multiomics. Use when editing, adding tests, or reviewing code under this path. Read the linked AGENTS.md first; use uv only, write outputs to output/, no mocks.
Ruby Style Guide (rubystyle.guide) conventions. Use when writing, formatting, or reviewing Ruby code for layout, naming, flow of control, methods, classes, and idioms. Complements RuboCop.
Create a six-frame storyboard that shows a user's journey from problem to solution. Use when you need a fast narrative for alignment, concept reviews, or demos.
METAINFORMANT rules for directory config/amalgkit. Use when editing, adding tests, or reviewing code under this path. Read the linked AGENTS.md first; use uv only, write outputs to output/, no mocks.
METAINFORMANT rules for directory scripts/simulation. Use when editing, adding tests, or reviewing code under this path. Read the linked AGENTS.md first; use uv only, write outputs to output/, no mocks.
METAINFORMANT rules for directory scripts/gwas/structure. Use when editing, adding tests, or reviewing code under this path. Read the linked AGENTS.md first; use uv only, write outputs to output/, no mocks.
Reviews a pull request from a PR URL by directly fetching the URL content (no `gh` dependency) and verifies compliance with CONTRIBUTING.md. Use when the user asks for a PR review, to review changes before merge, or to check contribution guidelines.
Performs a final quality pass fixing alignment, spacing, consistency, and micro-detail issues before shipping. Use when the user mentions polish, finishing touches, pre-launch review, something looks off, or wants to go from good to great.
Defines usecase-layer guidance for this repository in DDD x Clean Architecture, including usecase responsibilities, orchestration, transaction boundaries, DTOs, repository and external service ports, `internal/usecase` splitting, and `docs/domain/usecase` maintenance. Expected outputs include concise usecase-layer recommendations with reasons, placement guidance, transaction and side-effect handling notes, or small Go-oriented usecase templates with assumptions. Use when designing, implementing, reviewing, or documenting the usecase layer in this repository.
Audit email2telegram release artifacts for secret leaks and insecure defaults on GitHub, Docker Hub, and VPS. Use when preparing a release, reviewing .env/Dockerfile/compose/deploy scripts, changing scripts/release.sh, or when the user mentions security, secrets, leak, audit, hardening.
Open a GitHub pull request for this repository using gh CLI, including branch checks, push, a reviewer-friendly PR body, and verified GitHub issue links (Closes/Fixes/Refs). Always resolve or create related issues before gh pr create so the PR can link to tickets; when drafting new issues, follow the create-github-issue skill for title and body structure. **PR title and body prose are humanized** per the humanizer skill (`.cursor/skills/humanizer/SKILL.md`). Use when the user asks to create/open/submit a PR or pull request, and format title and description with the pr-title-description skill structure (including Related issues).
Performs a structured security review with a comprehensive checklist (secrets, input validation, injection, authz/authn, XSS, CSRF, rate limiting, sensitive data exposure, dependency hygiene). Use when adding authentication, handling user input/uploads, creating API endpoints, working with secrets/credentials, integrating third-party APIs, or implementing payment/sensitive features.
Design engineering principles and patterns for building polished, accessible web interfaces. Use this skill when building UI components, reviewing frontend code, implementing forms, handling touch interactions, optimizing performance, or creating marketing pages. Triggers on: design engineering, UI polish, input fields, form validation, button states, touch devices, mobile UX, accessibility, a11y, keyboard navigation, aria labels, font rendering, typography, layout shift, z-index, animations, transitions, easing, hover effects, tap targets, iOS Safari, prefers-reduced-motion, marketing pages, landing pages, dark mode, theme switching, scrollbars, gradients, shadows, virtualization, preloading.
Analyze Datadog error logs for Packmind production services (API, MCP server, Frontend), group them into patterns, perform root cause analysis against the codebase, and produce a structured bug report. This skill should be used when investigating production errors, triaging bugs, auditing service health, or performing periodic error reviews. Also triggers when the user mentions Datadog, production logs, error analysis, prod issues, service health, or asks about what errors are happening in prod. Also triggers on references to specific Datadog service names like api-proprietary, mcp-proprietary, or frontend-proprietary.
Applies official Google best practices when writing or editing Gemini system prompts (systemInstruction). Use when creating or changing system prompts for Gemini (e.g. transcription, Dictate Prompt, Prompt & Read), when reviewing prompt text in AppConstants or SpeechService, or when the user asks about Gemini prompt design.
Verifies that i18n replacements (t/i18n.t/Trans) in source code follow extract-i18n-keys rules and that keys exist in modules with correct English copy; also checks for over-extraction (content that should not have been extracted, e.g. URLs, class names, alt/aria-label/data-*, meta, technical strings). When given a commit or range, scopes verification to changed files and optionally checks that replaced text matches module values via diff. Use for PR/commit review, i18n audit, or post-replacement validation. Read-only.
Step-by-step workflow to fix npm/pnpm/yarn vulnerabilities and review Dependabot PRs with semver and CI safety.
METAINFORMANT rules for directory docs/multiomics. Use when editing, adding tests, or reviewing code under this path. Read the linked AGENTS.md first; use uv only, write outputs to output/, no mocks.
Generate comprehensive PR titles and descriptions with summary, test plan, risks, and linked issues. Use when the user asks to write or improve a pull request description.
METAINFORMANT rules for directory scripts/gwas/preparation. Use when editing, adding tests, or reviewing code under this path. Read the linked AGENTS.md first; use uv only, write outputs to output/, no mocks.
Automated code review for security, design tokens, and accessibility. Checks for XSS, hardcoded colors, missing ARIA attributes. Returns JSON with issues.
Use when reviewing Inbox One AI features for prompt-injection, unsafe automation, data leakage, and model-boundary issues. Trigger when changing ai-service logic, /api/ai/* routes, AI draft/reply/summary flows, composer prompt handling, future model integrations, or when the user asks for prompt-injection review, LLM safety review, AI guardrail review, or data-leakage review in this repo.
Run parallel reviews on draft/spec/ticket inputs and emit Council artifacts
Orchestrator-first workflow for building and shipping changes via KB Orchestrator (orchestrator/): setup target repo/workdir, run validation jobs with artifacts + safety, then run structured code review and apply fixes (requesting-code-review/receiving-code-review), and verify web UI behavior via Playwright MCP. Use when the user asks “через оркестратор”, wants repeatable stages + audit trail (commands/prompt), or needs phone/VPN-accessible web demo checks.
Use when refreshing RemDo dependencies. Run the workspace dependency refresh script, fix only straightforward fallout, then review CI warnings, tooling freshness, and notable release notes for simplification opportunities.
Structured code review checklist for torch_sipu changes. Use when reviewing code, a PR, a diff, or auditing operator implementation.
Apply SOLID, SRP, cohesion, composition-over-inheritance, and small-file discipline to code changes. Use when refactoring large files or classes, setting maintainability limits in `AGENTS.md`, documenting justified exceptions, or reviewing design quality.
Use when working in the Ze repo and the user asks for ze-review-spec or wants implementation checked against the selected spec. Verify every acceptance criterion, planned test, planned file, wiring check, and required docs update, then report gaps without fixing them.
Address ALL PR issues (GitHub Actions, Greptile, SonarCloud, CI/CD)