'Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they

Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated

Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain

Systematically testing web applications for broken access control vulnerabilities including privilege escalation,

Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege

Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject

Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters,

Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage,

Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks

Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater

'Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into

Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF,

Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification,

'Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket

Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control

'Triages security alerts in Splunk Enterprise Security by classifying severity, investigating notable events,

Classify and prioritize security incidents using structured IR playbooks to determine severity, assign response

'Performs initial triage of security incidents to determine severity, scope, and required response actions using

Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision

Validate backup integrity through cryptographic hash verification, automated restore testing, corruption detection,

Generates optimized prompts for any AI tool. Use when writing, fixing, improving, or adapting a prompt for LLM, Cursor, Midjourney, image AI, video AI, coding agents, or any other AI tool.

Backlink profile analysis: referring domains, anchor text distribution, toxic link detection, competitor gap analysis. Works with free APIs (Moz, Bing Webmaster, Common Crawl) and DataForSEO extension. Use when user says backlinks, link profile, referring domains, anchor text, toxic links, link gap, link building, disavow, or backlink audit.

>

>

>

>

Generate production-ready images for SEO use cases using Gemini's image generation

>

>

>

>

Comprehensive SEO analysis for any website or business type. Full site audits, single-page analysis, technical SEO (crawlability, indexability, Core Web Vitals with INP), schema markup, content quality (E-E-A-T), image optimization, sitemap analysis, and GEO for AI Overviews/ChatGPT/Perplexity. Industry detection for SaaS, e-commerce, local, publishers, agencies. Triggers on: SEO, audit, schema, Core Web Vitals, sitemap, E-E-A-T, AI Overviews, GEO, technical SEO, content quality, page speed, structured data.

Analyze a GitHub pull request including diff, comments, related issues, and local code context

Quick review checklist for python and scala code changes before callings it done.

Instructions for AI coding agents working on the React on Rails codebase.

Vyper smart contract compiler internals. Use when working on the Vyper compiler codebase — compilation pipeline, Venom IR, semantic analysis, code generation, testing, or contributing. Triggers on vyper compiler development, Venom passes, AST/semantics changes, codegen work, or test writing.

>-

docs/internal/contributing/README.md

Use when customer-facing API changes were made — i.e., API report .md files differ from main. Guides through release tag assignment, API Council review requirements, breaking change classification, deprecation process, and changeset guidance. Triggered automatically by ci-readiness-check when api-report diffs are detected.

Use when you need to create a new custom skill for a profile - guides through gathering requirements, creating directory structure, writing SKILL.md, and optionally adding bundled scripts

Trigger ADO pipelines for a Copilot-created PR by posting /azp run comments. Use when the user asks to trigger CI pipelines for a specific PR.

Use when composing, writing, drafting, or reviewing a PR title, PR description, or PR body in Fluid Framework — provides title style, body template, and section guidance.

Use this skill for any Kusto query or telemetry investigation specifically related to Fluid Framework or its partners. Triggers include: writing or running a Kusto query against the Office Fluid database, investigating Fluid Framework telemetry or error rates, querying Office_Fluid_FluidRuntime_* tables, looking up a Fluid session by Session_Id or docId, investigating a Fluid-related error in Loop or Whiteboard telemetry, monitoring an FF bump or partner ring deployment, checking Fluid render reliability or Scriptor errors, or when the user mentions Fluid-specific tables (Office_Fluid_FluidRuntime_*, OwhLoads, HostTracker, Scriptor) or Fluid-specific error types (dataCorruptionError, dataProcessingError, DeltaConnectionFailureToConnect, ICE, ACE). Do NOT trigger for general Kusto questions that are not related to Fluid Framework.

Use when writing or changing tests, adding mocks, or tempted to add test-only methods to production code - prevents testing mock behavior, production pollution with test-only methods, and mocking without understanding dependencies

Use when design is complete and you need detailed implementation tasks for engineers with zero codebase context - creates comprehensive implementation plans with exact file paths, complete code examples, and verification steps assuming engineer has minimal domain knowledge

Use when asked to review code, review a branch, or do a code review. Spawns Breaker (correctness) and API Analyst (compatibility/conventions) sub-agents while the orchestrator reviews architecture, tests, performance, and security.

<required>

Create release PR from main to production for semantic-release.

Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).