Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations,

'This skill covers hardening managed Kubernetes clusters on EKS, AKS, and GKE by implementing Pod Security Standards,

'Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection,

'Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication

'Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated

'Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they

Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain

Systematically testing web applications for broken access control vulnerabilities including privilege escalation,

Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege

Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject

Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web

Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid

Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters,

Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage,

Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks

Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater

'Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into

Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF,

Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization

'Tests authentication and authorization mechanisms in mobile application APIs to identify broken authentication,

'Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception,

Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification,

'Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket

Triage and prioritize vulnerabilities using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) decision

Validate backup integrity through cryptographic hash verification, automated restore testing, corruption detection,

Use this skill whenever the user wants speech to sound more human, companion-like, or emotionally expressive. Triggers include: any mention of 'say like', 'talk like', 'speak like', 'companion voice', 'comfort me', 'cheer me up', 'sound more human', 'good night voice', 'good morning voice', or requests to add fillers, emotion, or personality to generated speech. Also use when the user wants to mimic a specific character's voice, apply speaking style presets (goodnight, morning, comfort, celebration, chatting), tune emotional parameters like warmth or tenderness, or make TTS output feel like a real person talking. If the user asks for a 'voice message', 'companion audio', 'character voice', or wants speech that sighs, laughs, hesitates, or sounds genuinely warm, use this skill. Do NOT use for plain text-to-speech without personality, music generation, sound effects, or general coding tasks unrelated to expressive speech.

Fetches the latest news using news-aggregator-skill, formats it into a podcast script in Markdown format, and uses the tts skill to generate a podcast audio file. Use when the user asks to get the latest news and read it out as a podcast.

Provides domain-specific best practices for Node.js development with TypeScript, covering type stripping, async patterns, error handling, streams, modules, testing, performance, caching, logging, and more. Use when setting up Node.js projects with native TypeScript support, configuring type stripping (--experimental-strip-types), writing Node 22+ TypeScript without a build step, or when the user mentions 'native TypeScript in Node', 'strip types', 'Node 22 TypeScript', '.ts files without compilation', 'ts-node alternative', or needs guidance on error handling, graceful shutdown, flaky tests, profiling, or environment configuration in Node.js. Helps configure tsconfig.json for type stripping, set up package.json scripts, handle module resolution and import extensions, and apply robust patterns across the full Node.js stack.

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>