Step-by-step workflow to fix npm/pnpm/yarn vulnerabilities and review Dependabot PRs with semver and CI safety.

METAINFORMANT rules for directory docs/multiomics. Use when editing, adding tests, or reviewing code under this path. Read the linked AGENTS.md first; use uv only, write outputs to output/, no mocks.

Generate comprehensive PR titles and descriptions with summary, test plan, risks, and linked issues. Use when the user asks to write or improve a pull request description.

Session-end review of recent chiron activity. Scores across 5 axes (design thinking, code quality, idioms, testing, engineering maturity) and names one concrete thing to practice next time. Read-only in v0.3.0 — does not persist scores.

METAINFORMANT rules for directory scripts/gwas/preparation. Use when editing, adding tests, or reviewing code under this path. Read the linked AGENTS.md first; use uv only, write outputs to output/, no mocks.

nuqs (type-safe URL query state) best practices for Next.js applications. This skill should be used when writing, reviewing, or refactoring code that uses nuqs for URL state management. Triggers on tasks involving useQueryState, useQueryStates, search params, URL state, query parameters, nuqs parsers, or Next.js routing with state.

Automated code review for security, design tokens, and accessibility. Checks for XSS, hardcoded colors, missing ARIA attributes. Returns JSON with issues.

Use when reviewing Inbox One AI features for prompt-injection, unsafe automation, data leakage, and model-boundary issues. Trigger when changing ai-service logic, /api/ai/* routes, AI draft/reply/summary flows, composer prompt handling, future model integrations, or when the user asks for prompt-injection review, LLM safety review, AI guardrail review, or data-leakage review in this repo.

Run parallel reviews on draft/spec/ticket inputs and emit Council artifacts

[BETA] Offload plan phase to Claude Code's ultraplan cloud — drafts remotely while terminal stays free, review in browser with inline comments, import back via $gsd-import. Claude Code only.

Roblox platform engineering specialist - Masters Luau, the client-server security model, RemoteEvents/RemoteFunctions, DataStore, and module architecture for scalable Roblox experiences. Use when Codex needs this specialist perspective, workflow, or review style for related tasks in the current project.

Expert performance testing and optimization specialist focused on measuring, analyzing, and improving system performance across all applications and infrastructure. Use when Codex needs this specialist perspective, workflow, or review style for related tasks in the current project.

Orchestrator-first workflow for building and shipping changes via KB Orchestrator (orchestrator/): setup target repo/workdir, run validation jobs with artifacts + safety, then run structured code review and apply fixes (requesting-code-review/receiving-code-review), and verify web UI behavior via Playwright MCP. Use when the user asks “через оркестратор”, wants repeatable stages + audit trail (commands/prompt), or needs phone/VPN-accessible web demo checks.

Run a literature review using paper search and primary-source synthesis. Use when the user asks for a lit review, paper survey, state of the art, or academic landscape summary on a research topic.

Use when refreshing RemDo dependencies. Run the workspace dependency refresh script, fix only straightforward fallout, then review CI warnings, tooling freshness, and notable release notes for simplification opportunities.

Enforce TypeScript safety rules when editing or reviewing `.ts` and `.tsx` files, adding shared types, handling external data, or resolving type errors. Use when Codex needs repo-specific guidance on narrowing unknown values, writing `catch (error: unknown)`, avoiding `any`, and keeping casts confined to explicit, already-approved boundaries such as generated and ignored files.

Structured code review checklist for torch_sipu changes. Use when reviewing code, a PR, a diff, or auditing operator implementation.

Manage GitHub Project v2 issue states, workpad comments, and related follow-up actions.

Use when the user asks to design, review, or debug authentication and onboarding flows for Finny, especially React Native + Supabase auth session handling and Plaid-linked account setup.

Apply SOLID, SRP, cohesion, composition-over-inheritance, and small-file discipline to code changes. Use when refactoring large files or classes, setting maintainability limits in `AGENTS.md`, documenting justified exceptions, or reviewing design quality.

Use when working in the Ze repo and the user asks for ze-review-spec or wants implementation checked against the selected spec. Verify every acceptance criterion, planned test, planned file, wiring check, and required docs update, then report gaps without fixing them.

Address ALL PR issues (GitHub Actions, Greptile, SonarCloud, CI/CD)

comming soon...

You are reviewing Go code in the VMARBLE Warehouse Management Service (modular monolith).

Turn a design spec into an explicit tx task graph with `tx decompose`, then refine the graph using normal tx task and dependency primitives.

- Ensure the PR is conflict-free with `develop`.

Project delivery skills: planning, risk management, dependency tracking, communication. Use when: planning releases, managing risks, coordinating teams.

When a problem is found outside the current task scope, classify and act. Enforces strict triage rules: only direct regressions stay in the branch; everything else becomes a filed issue with full context, proper size split, and milestone set to match the current PR.

[OMX] Run a comprehensive security review on code

Review source files changed during a phase for bugs, security issues, and code quality problems

Review Donna experiences for older-adult usability, caregiver clarity, and reassuring low-friction interaction. Use when evaluating onboarding, dashboards, reminders, authentication, settings, copy, navigation, or any user-visible flow in `apps/consumer/`, `apps/mobile/`, `apps/admin-v2/`, or voice prompts intended for seniors and caregivers.

Expert application security engineer specializing in threat modeling, vulnerability assessment, secure code review, and security architecture design for modern web and cloud-native applications. Use when Codex needs this specialist perspective, workflow, or review style for related tasks in the current project.

Sincroniza calendarios de Microsoft 365 con NEXO AV para operaciones e hitos administrativos. Use when implementing or reviewing Microsoft Graph calendar sync, wiring `CalendarPage`, mapping Outlook events to project sites, assignments, visits or billing milestones, or diagnosing calendar-based workflows for `Instalaciones` and `Facturacion`.

Adversarial verification agent for investigative articles

Profile application performance, identify bottlenecks, design optimization strategies, implement changes, benchmark improvements, and review code quality.

claims-extractor

读取当前项目的 PR 审查结果，自动修复中等和严重问题，轻微问题需确认后再决定是否修复

Use when working in the Ze repo and the user asks for ze-review or for a focused review of current changes. Read the changed files and their intent, inspect edge cases, security risks, and missing tests, and report findings without fixing anything.

Review recently changed files for code reuse, quality, and efficiency issues, then fix them. Use when implementation is already complete and you want a final cleanup pass that mirrors Claude Code's `/simplify` behavior as closely as Codex can, without overriding Claude's native `/simplify`.

comming soon...

Scrape e-commerce data for pricing intelligence, customer reviews, and seller discovery across Amazon, Walmart, eBay, IKEA, and 50+ marketplaces. Use when user asks to monitor prices, track competi...

Audit repository documentation against the real codebase and reorganize docs into three buckets: implemented, planned, and mismatch. Use this whenever the user asks to review docs for correctness, compare docs with code or git diff, reconcile stale design docs, rewrite project documentation structure, or maintain `project-index.yaml` as the source of truth for doc-to-code mapping.

Use when reviewing a PIDA branch, diff, or PR. Focus on bugs, regressions, missing tests, API contract drift, persistence risks, and operational issues before style comments.

Provide governance context for defining and maintaining boundaries between `*.action.ts` and `*.service.ts` in Next.js App Router entity APIs. Use when handling entity API layer functions or Server Action/Service methods, and when creating/refining conventions, refactor plans, or review criteria in `src/**/api`.

Walks the merchant through Stripe onboarding, captures their API keys, and writes them to Vercel env vars. Handles the common case where KYC takes days by supporting a preview-mode deploy path.

Read a story file and implement it. Loads the full context (story, GDD requirement, ADR guidelines, control manifest), routes to the right programmer agent for the system and engine, implements the code and test, and confirms each acceptance criterion. The core implementation skill \u2014 run after /story-readiness, before /code-review and /story-done.

A skill for driving GitHub pull request creation. Handles change review, required checks, commit, push, and PR creation in one flow, and expects fresh verification evidence from `code-change-verification` when repository code changed.