alvarovillalbaa
29 verified skills
ai-engineering
Use when building ML/data systems, designing data pipelines, ETL/ELT processes, data modeling, data quality frameworks, DataOps, or working with Spark, Airflow, dbt, Kafka, Flink, Snowflake, BigQuery, or Delta Lake. Also use for streaming architecture decisions, data contract design, pipeline orchestration, and troubleshooting data infrastructure issues. Also use when optimizing prompts, designing prompt templates, evaluating LLM outputs, building agentic systems, implementing RAG, creating few-shot examples, analyzing token usage, or designing AI workflows. Also use when designing or analysing controlled experiments (A/B testing, sample sizing, Bonferroni correction), performing causal inference (difference-in-differences), building feature engineering pipelines (Scikit-learn, XGBoost), evaluating classification/regression models (AUC-ROC, AUC-PR, SHAP, MLflow), or translating statistical findings into data-driven business decisions. Also use when building computer vision systems — object detection (YOLO, Faster R-CNN, DETR), image segmentation (Mask R-CNN, SAM, SegFormer), image classification (ResNet, EfficientNet, ViT), video analysis, 3D vision, model optimization (ONNX, TensorRT, OpenVINO), dataset preparation and annotation pipelines, or deploying vision models to production with PyTorch, Ultralytics, Detectron2, or MMDetection.
development
code-documentation
This skill should be used when the user asks to write, update, review, scaffold, or reorganize documentation for code, folders, services, repos, workflows, architectural decisions, or operational processes. Trigger for `README.md`, `ARCHITECTURE.md`, `TESTS.md`, `SETUP.md`, `RUNBOOK.md`, `CHANGELOG.md`, `SECURITY.md`, `OVERVIEW.md`, `FAQ.md`, `DECISIONS.md`, `DEPENDENCIES.md`, `AGENTS.md`, `PLAN.md`, `SPEC.md`, `SOUL.md`, `PRINCIPLES.md`, `DESIGN.md`, `runbooks/**/*.md`, `docs/**/*.md`, MDX docs, JSDoc/TSDoc, docstrings, ADRs, post-mortems, migration guides, and PR documentation-impact reviews.
development
skills/content-writing
--- name: content-writing description: Use for all content creation, repurposing, quality auditing, content refresh, content gap analysis, keyword research, support-to-content needs, and article editing — blog articles from raw knowledge (including SEO-optimized content), X/Twitter Articles with editorial scoring, LinkedIn posts and long-form articles, multi-channel syndication from a canonical asset (X, LinkedIn, Substack, Medium, Dev.to, Hashnode, Reddit), humanizing AI-generated text, optimiz
development
skills/memory-management
- automatic by the AI agent itself (memory system of the platform) - documentation as a part of memory - might use plugins/extensions - might have custom workaround memory ( e.g. on OpenClaw)
tools
message-outreach
Convert raw person- or account-level data into a single, skimmable research brief for the sales team with Account, Persona, and ongoing research. Use when the user has prospect/account data and needs an actionable brief with ICP/ICA scoring.
development
prospect-research
Turn heterogeneous inputs (LinkedIn, company site, job boards, research) into a decision-ready GTM brief with Account, Persona, and Next best motion. Use when the user has prospect/account URLs or content and needs a full positioning and outreach brief. Apply provided scorecards (ICP, ICA, signals) as authoritative rubrics.
testing
quality-assurance
End-to-end quality assurance and secure coding for any software repo: code review, test strategy, bug triage, debugging, flaky-test repair, coverage improvement, coverage assessment, coverage regression, identify low-coverage files, coverage artifacts, make coverage, pnpm test:coverage, coverage thresholds failing, propose high-impact tests, coverage gaps, confirm before writing tests, suite architecture, CI/CD quality gates, security best practices, security audits, and AppSec threat modeling for frontend, backend, or full-stack systems. Use when reviewing PRs, receiving review feedback, writing or repairing tests, debugging failing or flaky suites, proving browser behavior, hardening frontend or backend CI, improving release confidence with reliable verification, defining a testing strategy for a new project, security review, security audit, security scan, security report, write a security report, security vulnerability, secure by default, secure coding, write secure code, audit codebase for vulnerabilities, security best practices review, find vulnerabilities, passive security review, active security audit, threat model, threat modeling, AppSec threat model, security threat model, threat model a codebase, threat model a repository, enumerate threats, abuse paths, trust boundaries, attacker model, attack surface analysis, threat enumeration, STRIDE threat model, PASTA threat model, STRIDE PASTA, security guidance for React, security guidance for Django, security guidance for FastAPI, security guidance for Flask, security guidance for Express, security guidance for Next.js, security guidance for Vue, security guidance for jQuery, security guidance for Go, python web security, javascript web security, typescript web security, golang backend security, XSS prevention, SQL injection prevention, CSRF protection, CSP Content Security Policy, secure token storage, avoid prototype pollution, safe HTML rendering, OWASP, cloud security, infrastructure security, IAM security, AWS security, cloud infrastructure security, cloud deployment security, CI/CD security, pipeline security, secrets rotation, secrets management, VPC security, network security, CloudWatch logging, cloud secrets manager, Cloudflare WAF, CDN security, DDoS protection, backup disaster recovery, OIDC federation CI, supply chain security, cloud misconfiguration, S3 bucket security, RDS security, Terraform security, rate limiting, dependency security, npm audit, file upload validation, input validation schema, blockchain security, Solana security, Web3 security, wallet signature verification, wallet ownership verification, transaction verification, Solana wallet, on-chain security, crypto security, NFT security, DeFi security, smart contract interaction security, scan Claude Code configuration, agent configuration security scan, AgentShield, ecc-agentshield, agentshield scan, scan .claude directory, CLAUDE.md security audit, settings.json security, MCP server security scan, hooks security audit, agent definition security, claude code config vulnerability, prompt injection CLAUDE.md, hook command injection, MCP supply chain risk, overly permissive allow list, bash wildcard permission, hardcoded secrets in config, claude code security, agent config hardening, secure claude code setup, initialize secure config, agentshield init, agentshield fix, agentshield opus deep analysis, agentshield github action, claude code settings audit, designing a test pyramid, applying test pyramid ratio 70 20 10, defining unit integration E2E test distribution, AI testing pyramid, AI application test pyramid, LLM testing pyramid, AI test strategy, AI eval pyramid, offline AI evaluations, LLM evals, AI evals, agent workflow testing, red team AI testing, human QA AI, LLM-as-judge, PromptFoo evals, Ragas evals, DeepEval evals, RAG testing pyramid, AI agent test layers, deterministic unit tests AI, AI contracts testing, AI integration testing, test pyramid for LLM apps, test pyramid for agent systems, eval framework selection, AI quality assurance, before refactoring to build a safety net, setting up CI CD automated tests, quality issues bugs happen frequently, how should we test, test strategy for, write tests for, test plan, what tests do we need, testing approach, test strategy document output, coverage goals and tools selection, fixing lint errors or formatting issues, running pre-commit checks, using yarn prettier or yarn linc, adding new React error messages, seeing 'unknown error code' warnings, writing Django or DRF tests, generating Factory Boy fixtures, debugging pytest failures in a Django project, testing Django models, serializers, or API views, working with React feature flags, understanding @gate pragmas, debugging channel-specific test failures, adding new flags to ReactFeatureFlags, generating test planning documentation from PRDs or implementation plans, applying ISTQB test design techniques, applying ISO 25010 quality characteristics, creating GitHub test issue templates, defining quality gates and entry/exit criteria, estimating test tasks, structuring test strategies for GitHub project management, writing TypeScript Playwright E2E tests, implementing page object model, reusing auth state across tests, managing test data with API helpers, configuring Playwright for CI, writing smoke tests or critical-path regression tests, debugging flaky E2E tests, cross-browser E2E testing with Chromium Firefox or WebKit, writing Cypress E2E tests, Cypress custom commands, cy.intercept network mocking, Cypress session auth reuse, visual regression testing with toHaveScreenshot, parallel test sharding, accessibility testing with axe-core, Playwright network interception with page.route, test.step structured reporting, E2E-first testing philosophy, preferring E2E tests over unit tests, avoiding React component tests in isolation, minimizing mocking, 3-mock rule, MSW integration tests, Vitest unit tests for pure functions, co-located test files, createTestingAccount utility, addAccountBalance utility, role-based selectors, accessible selectors in Playwright, test ID selectors, avoid CSS selectors in E2E tests, Playwright installation npm init playwright, Playwright configuration webServer, beforeEach afterEach beforeAll afterAll test hooks, serial test mode test.describe.configure, Playwright form interactions fill check uncheck selectOption setInputFiles, Playwright keyboard interactions press type dblclick dragAndDrop, Playwright assertions toBeVisible toBeHidden toHaveText toHaveCount toHaveCSS, soft assertions expect.soft, toPass poll assertion, custom fixtures test.extend, multiple user roles fixture adminPage userPage, test tags filtering tag @smoke @regression grep, video recording retain-on-failure, browser console capture page.on console pageerror, popup handling context waitForEvent, conditional optional elements count isVisible, data-driven tests for loop parametrized, Playwright Docker mcr.microsoft.com playwright, generating Playwright tests from a scenario, Playwright MCP test generation, generate test with Playwright MCP, walk scenario live before writing code, emit test after MCP steps, save and execute generated Playwright test, iterate until Playwright test passes, pytest fixtures, pytest parametrize, pytest markers, pytest-mock mocker, pytest-asyncio async tests, pytest-cov coverage, pytest-xdist parallel pytest, FastAPI testing TestClient AsyncClient httpx, pytest conftest, fixture scope function class module session, autouse fixture, arrange act assert, pytest.raises, pytest.approx, pytest.mark.skip pytest.mark.xfail, pytest.ini addopts testpaths, writing Python unit tests, writing Python integration tests, testing FastAPI endpoints, async Python testing, SQLAlchemy test database override, dependency override FastAPI test, aiosqlite test database, pytest best practices, pytest anti-patterns, pytest common pitfalls, pytest coverage annotate, cov_annotate, coverage annotate report, lines missing coverage, increase coverage to 100%, exclamation mark uncovered lines, iterative coverage improvement, TDD test-driven development, red green refactor, write failing test first, TDD iron laws, no production code without failing test, observe the red, unittest.mock patch Mock mock_open autospec PropertyMock, testing file operations tmp_path tmpdir tempfile, mocking async functions assert_awaited_once, coverage target 80 percent critical path 100 percent coverage, quick reference pytest cheatsheet, monkeypatch setenv delenv setattr, MagicMock magic methods, freezegun freeze_time time travel time freezing, property-based testing hypothesis given strategies, SQLAlchemy in-memory test database db_session, testing retry behavior side_effect sequence, concurrent async asyncio.gather, CI CD GitHub Actions Python pytest workflow, pyproject.toml coverage omit exclude_lines, test naming convention test unit scenario expected outcome, testing error paths failure cases, parametrized fixture fixture params request.param fixture parametrization backend variant environment parametrize fixture, test organization directory structure tests unit integration e2e conftest shared fixtures, python testing patterns, Mastra smoke test, create-mastra, Mastra Studio, Mastra Studio smoke test, smoke test Mastra, create mastra project, mastra dev server, mastra agents page, mastra tools page, mastra workflows page, mastra scorers page, mastra observability, mastra network mode, mastra agent network, plannerNetwork, mastra localhost 4111, mastra LLM provider, mastra openai anthropic groq google cerebras mistral, mastra environment variables, mastra browser testing, mastra studio routes, smoke testing a web app, smoke test checklist browser automation, Jest unit tests, Vitest unit tests, describe beforeEach afterEach jest.fn mockResolvedValue, Supertest API testing integration tests, API endpoint testing Node.js, k6 load testing, k6 stress test, k6 spike test, k6 thresholds, Artillery performance testing, load test ramp up ramp down, p95 response time SLA, performance testing stages, security requirement extraction, threat model to requirements, STRIDE requirements, security user stories, security acceptance criteria, compliance requirement mapping, security traceability matrix, threat to requirement mapping, STRIDE PASTA security requirements, PCI-DSS requirements, HIPAA requirements, GDPR requirements, OWASP ASVS requirements, security requirements from threat model, derive security requirements, security requirement priority, security testing, authentication security tests, authorization IDOR privilege escalation, input validation SQL injection XSS, security headers CSP HSTS X-Frame-Options, rate limiting brute force, OWASP security test checklist, test report template, defect report, severity CRITICAL HIGH MEDIUM LOW, coverage analysis gaps recommendations, QA methodology, exploratory testing charter, usability testing, accessibility testing WCAG 2.1 AA, localization testing RTL UTF-8, compatibility matrix browser OS, pairwise testing, risk-based testing, defect management 5 whys root cause analysis, quality metrics DRE defect leakage MTTR, quality dashboard, continuous testing shift-left, feedback cycle targets, quality gates production release, automation framework, Screenplay pattern Actor Task, keyword-driven testing, model-based testing state machine, self-healing locators multi-strategy finder, error recovery smart retry exponential backoff, parallel distributed execution Playwright sharding, test data factories Faker UserFactory, team enablement training code review checklist, automation ROI calculation break-even, custom reporter metrics, prefer integration tests over unit tests, mock external services use real fixtures, minimize edge case testing, always add regression tests for bugs, cover every user entry point, tests validate before manual QA, testing philosophy testing principles, pnpm test pnpm test:run, co-locate test files star.test.ts, test isolation temp directory cleanup afterEach, pure function tests no setup, sanitized fixtures PII scrubbing, happy path integration test entry point coverage, regression test for bug fail before fix pass after, public interface not internal methods, real world fixtures not mocks for data, test submission checklist, boundary conditions, boundary value analysis, edge case testing, limit values, integer overflow underflow, MIN_VALUE MAX_VALUE, null empty whitespace string testing, collection empty single many, floating point precision tolerance, NaN Infinity special values, array index out of bounds, date time leap year boundaries, parameterized boundary tests, JUnit 5 boundary testing, ParameterizedTest ValueSource CsvSource, Math.addExact Math.subtractExact, isCloseTo within tolerance, pytest.approx sys.maxsize, toBeCloseTo Number.MAX_SAFE_INTEGER, it.each boundary cases, vitest vitest.config.ts vite testing framework, vi.fn vi.mock vi.spyOn vitest mocks, vi.useFakeTimers vi.setSystemTime vitest timers, vitest globals jsdom happy-dom environment, vitest coverage v8 istanbul thresholds, vitest sharding shard CI parallel, expectTypeOf type testing test-d.ts, vitest browser mode playwright chromium, vitest fixtures test.extend custom fixtures, vitest snapshots toMatchSnapshot toMatchInlineSnapshot, vitest workspace projects monorepo, vitest benchmarks bench describe, vitest watch mode HMR, vitest run coverage, vitest concurrent sequential test.concurrent, defineConfig mergeConfig vitest config, vitest setup files setupFiles globalSetup, vitest pool threads forks vmThreads, vitest aroundEach aroundAll around hooks, vi.hoisted hoisted variables vitest, vi.stubGlobal vi.stubEnv vitest globals env, vi.mockObject mock object vitest, vitest soft assertions expect.soft, vitest poll assertion expect.poll, vitest filter tags testNamePattern changed, vitest related files imports, vitest typecheck type check, NestJS E2E testing, NestJS jest e2e, nestjs test e2e, jest-e2e.config.ts, e2e-spec.ts, test/e2e directory, GWT pattern, Given-When-Then test, real infrastructure testing, Docker E2E testing, docker-compose E2E, docker-compose testing infrastructure, Kafka E2E testing, Kafka Jest testing, KafkaTestHelper, Redpanda testing, Kafka consumer E2E, Kafka producer E2E, kafka fromBeginning pre-subscription, waitForMessages smart polling, consumer group isolation, PostgreSQL E2E testing, PostgresTestHelper, MongoDB E2E testing, MongoDbTestHelper, Redis E2E testing, RedisTestHelper, MSW external API mock E2E, Nock API mock, supertest NestJS, NestJS test helper, NestJS app bootstrap test, connectMicroservice test, inheritAppConfig, runInBand sequential jest, jest maxWorkers 1, jest forceExit detectOpenHandles, E2E session temp file, E2E_SESSION log file redirect, fix one test at a time E2E, debug E2E test, review E2E test, setup E2E test, write E2E test, run E2E test, optimize E2E test, e2e test flaky NestJS, e2e connection error database Kafka Redis, e2e timeout async, e2e race condition, e2e state leakage, e2e test isolation beforeEach cleanup, release readiness review, release candidate review, release gate, ship or block, green light to ship, blocked release, release diff review, release diff audit, release review checklist, breaking changes detection, regression detection, release risk assessment, find latest release tag, BASE_TAG TARGET diff, git diff release, version bump check, changelog audit, migration path audit, release blocking triggers, release polish, release notes audit, release readiness checklist, pre-release review, pre-release audit, validate release, release review workflow, release call, release gate policy, deterministic gate, ship block call, openai-agents-python release, release candidate diff, release sign-off, release readiness gate, make format make lint make typecheck make tests, makefile verification stack, parallel make steps, pre-commit make workflow, code-change-verification, run verification stack, make sync uv dev requirements, fail-fast parallel make, heartbeat make steps, make verify run, autonomous penetration testing, pentest web application, shannon keygraph, npx shannon, run a pentest, active security testing, DAST dynamic application security testing, proof of concept exploit, PoC exploit, vulnerability confirmation, confirmed exploit, exploitable vulnerability, security assessment report, JWT algorithm confusion, JWT none algorithm, RS256 HS256 confusion, KID header injection, NoSQL injection MongoDB, mass assignment vulnerability, SSRF cloud metadata, SSRF auth header forwarding, command injection OS, horizontal privilege escalation, vertical privilege escalation, 41 checkpoint security test, pentest staging environment, autonomous pentest, automated pentest, AI pentesting, security assessment, penetration testing report, vulnerability exploitation, exploit validation, pentest framework, authorized testing, QA a web app, test this site, find bugs and fix, test and fix bugs, live web app QA, browser QA testing, QA report, health score, issue taxonomy, QA health score, quick QA, standard QA, exhaustive QA, diff-aware QA, QA tier, QA mode, QA phases, fix loop QA, before after screenshot, ship readiness, does this work, feature ready for testing, QA this branch, QA this PR, QA this feature, visual bug, functional bug, UX bug, console error QA, broken link QA, accessibility bug, content bug, performance bug, per-page exploration, QA checklist, framework detection QA, Next.js QA, Rails QA, WordPress QA, SPA QA, QA regression, WTF likelihood, verified best-effort reverted deferred, commit per fix, minimal fix QA, regression test QA, qa-report-template, issue-taxonomy, systematic debugging, root cause investigation, investigate this error, root cause analysis, debug report, hypothesis testing, scope lock, pattern analysis bug, investigate broken functionality, debug this, fix this bug, why is this broken, phase investigation, race condition debug, null propagation debug, state corruption debug, integration failure debug, configuration drift debug, stale cache debug, 3-strike debugging, blast radius fix, fix root cause not symptom, no fixes without root cause, iron law debugging, reproduce before repair, bug investigation phases, structured debug report, DONE DONE_WITH_CONCERNS BLOCKED status, CSO review, chief security officer audit, comprehensive security audit, infrastructure-first security audit, secrets archaeology, git history credential scan, find leaked credentials in git history, CI/CD pipeline security audit, LLM AI security audit, skill supply chain security scan, attack surface census, webhook signature verification audit, infrastructure shadow surface, false positive confidence gate, security posture report, 15-phase security audit, secrets in git history, dependency supply chain audit, OWASP Top 10 assessment, STRIDE per component threat model, data classification security, active verification security findings, SOC 2 compliance, SOC 2 Type II, PCI-DSS compliance, HIPAA compliance, GDPR compliance, compliance checker, compliance scan, compliance audit, compliance report, compliance framework, compliance validation, compliance score, compliance gap, run compliance check, check compliance, verify compliance, compliance controls, SOC 2 controls, HIPAA safeguards, GDPR principles, PCI cardholder data, CVE triage, CVSS scoring, CVSS score, CVSS v3.1, vulnerability management, vulnerability lifecycle, vulnerability assessment, vulnerability report, vulnerability remediation, dependency CVE, npm vulnerability, Python vulnerability, go vulnerability, vulnerability scanner, vulnerability assessor, scan for vulnerabilities, automated vulnerability scan, risk score dependency, emergency patch, patch priority, vulnerability SLA, security scanner script, scan codebase security, automated code security scan, detect hardcoded secrets, detect injection vulnerabilities, path traversal detection, security scan exit code, zero trust architecture, defense in depth, design secure architecture, secure architecture design, security incident response, handle security incident, incident response plan, incident response playbook, P1 P2 P3 P4 incident severity, breach containment, eradication recovery post-mortem, FIDO2 WebAuthn hardware keys, mTLS mutual TLS, OAuth 2.0 PKCE, JWT short expiry refresh token, authentication pattern selection, AES-256-GCM encryption, Argon2id password hashing, bcrypt hashing, HMAC-SHA256, key management key rotation, envelope encryption DEK KEK, vulnerability severity matrix impact exploitability, security code review checklist, secure vs insecure patterns, SQL injection parameterized query, Ed25519 digital signature, X25519 key exchange, PBKDF2 scrypt KDF.
tools
skills/research
https://github.com/ericosiu/ai-marketing-skills/tree/main/autoresearch
data-ai
review
CEO/founder-mode plan review with designer's eye design critique AND engineering manager-mode architecture & execution review. Rethink the problem, find the 10-star product, challenge premises, expand scope when it creates a better product. Four modes: SCOPE EXPANSION (dream big), SELECTIVE EXPANSION (hold scope + cherry-pick expansions), HOLD SCOPE (maximum rigor), SCOPE REDUCTION (strip to essentials). Includes a full 7-pass design review (information architecture, interaction states, user journey, AI slop risk, design system alignment, responsive/a11y, unresolved decisions) with 0-10 ratings for any plan with UI scope. Engineering review covers architecture, data flow, edge cases, test coverage, performance, and parallelization strategy. AUTOPLAN mode: auto-decides all intermediate questions using 6 decision principles, runs CEO → Design → Engineering reviews sequentially with dual AI voices (independent Claude subagent + primary), surfaces only User Challenges (where both voices disagree with the user's direction) and taste decisions at a final approval gate. Use when asked to "auto review", "autoplan", "run all reviews", "review this plan automatically", or "make the decisions for me". Use when asked to "think bigger", "expand scope", "strategy review", "rethink this", "is this ambitious enough", "review the design plan", "design critique", "review the architecture", "engineering review", or "lock in the plan". Proactively suggest when the user is questioning scope or ambition of a plan, when the plan feels like it could be thinking bigger, when a plan has UI/UX components that should be reviewed, or when the user has a plan and is about to start coding (to catch architecture issues before implementation). Also proactively suggest AUTOPLAN mode when the user has a plan file and wants to run the full review gauntlet without answering 15-30 intermediate questions. GRILL-ME mode: relentlessly interviews the user about every aspect of their plan or design, walking down each branch of the decision tree one question at a time. Provides a recommended answer for each question. Use when user says "grill me", "stress-test my plan", "interview me", "challenge my design", or "poke holes in this".
development
social-media-management
Draft replies, comments, DMs, quote posts, connection requests, and engagement sequences for X/Twitter and LinkedIn. Use when the user wants to engage on either platform — responding to posts, starting conversations, building relationships, or supporting professional outreach.
development
visualizer
Generate polished, self-contained visual explainers, reviews, diagrams, dashboards, comparison pages, and slide-mode HTML from technical or business inputs. Use when the user asks for a diagram, architecture overview, diff or plan review, project recap, comparison matrix, audit page, timeline, dashboard, or any explanation that would be clearer as a visual artifact than as plain terminal text. Also use proactively when the output would otherwise become a dense table or long text wall.
development
agentic-development
End-to-end repository execution workflow for implementing, debugging, refactoring, reviewing, instrumenting, explaining architecture, assessing refactor impact, designing system architecture, evaluating architecture patterns (monolith vs microservices, CQRS, event-driven, hexagonal), making technology decisions (database, cache, queue, auth, cloud, API style), generating architecture diagrams, analyzing dependencies, planning capacity, designing APIs and schemas, and shipping code in any software repo. Use when the assistant needs to orient in an unfamiliar codebase, choose between direct execution and supervised harness loops, keep specs, plans, and tests distinct, coordinate builder and reviewer passes, handle PR feedback, inspect observability, or land cross-cutting frontend and backend changes without leaving loose ends. Also use when the user wants to break down a PRD into phases, create an implementation plan from a PRD, plan vertical slices, or mentions "tracer bullets". Also use when the user wants to plan a refactor, create a refactoring RFC, file a refactor plan as a GitHub issue, break a refactor into safe incremental steps, or mentions "tiny commits".
development
review
Use for rigorous plan, design, architecture, and code review. Covers scope and strategy review, UI and UX critique, execution risk analysis, PR and diff review, targeted local validation, and simplification passes that remove ambiguity, dead weight, and accidental complexity before merge.
development
code-documentation
This skill should be used when the user asks to write, update, review, scaffold, move, remove, or continuously improve documentation for code, folders, services, repos, workflows, architectural decisions, or operational processes. Trigger for inline docs, `README.md`, `ARCHITECTURE.md`, `TESTS.md`, `SETUP.md`, `RUNBOOK.md`, `CHANGELOG.md`, `SECURITY.md`, `OVERVIEW.md`, `FAQ.md`, `DECISIONS.md`, `DEPENDENCIES.md`, `AGENTS.md`, `PLAN.md`, `SPEC.md`, `SOUL.md`, `PRINCIPLES.md`, `DESIGN.md`, `logs/`, `lessons/`, `items/`, `fixes/`, `audits/`, `raw/`, `plans/`, `specs/`, `sources/`, `lib/`, `references/`, `cookbook/`, `knowledge/`, `runbooks/`, `research/`, `official-documentation/`, `context/`, MDX docs, JSDoc/TSDoc, docstrings, ADRs, post-mortems, migration guides, documentation cleanups, and documentation-impact reviews.
development
research
Business research for competitor intelligence, diligence, ICP research, account research, customer research, prospect enrichment, and evidence synthesis. Use when Codex needs to turn an ambiguous business question, target list, customer issue, interview set, or public-web trail into a scoped brief, comparison, ranked queue, customer-safe answer, or recommendation with dated evidence, explicit confidence, visible decision logic, and clear next actions. Also use for public-web company or people discovery, account or lead list building, expert-finding, financial filing retrieval, research-paper discovery, practitioner-blog or portfolio research, and community or market sentiment research when the answer must stay evidence-backed. Run short iterative research loops, not a one-shot source dump.
development
auto-improve
Autonomously improve any of five targets: skills (SKILL.md prompt optimization via binary eval loops), memories (audit for staleness, gaps, redundancy, and inconsistencies then rewrite), AI agents (agents/*.md prompt optimization via eval loops), documentation (repo docs like `AGENTS.md`, `PLAN.md`, `SPEC.md`, `SOUL.md`, `PRINCIPLES.md`, `DESIGN.md`, `README.md`, `ARCHITECTURE.md`, `TESTS.md`, `SETUP.md`, `RUNBOOK.md`, `CHANGELOG.md`, `SECURITY.md`, `OVERVIEW.md`, `FAQ.md`, `DECISIONS.md`, `DEPENDENCIES.md`, `CONTRIBUTING.md`, `TESTING.md`, `runbooks/**/*.md`, and `docs/**/*.md` optimized via eval loops), and conversations (Hermes-pattern background review that harvests user persona, preferences, and reusable workflows from the current conversation and persists them as memory files or new skills). Uses Karpathy-style autoresearch methodology for eval-loop targets: run, score, mutate one thing at a time, keep improvements, discard regressions, never stop. Extends that loop with hyperagent-style metacognition: the system should improve not just the target, but the way it generates future improvements, using persistent memory, stepping-stone archives, causal hypotheses, and transferable lessons across runs. Trigger from evidence in recent work: the files changed, failures encountered, repeated user corrections, patterns in agent behavior, and gaps revealed by the latest task. Do not wait for the user to name a target. Choose the highest-leverage improvement target or targets automatically; improve one or many as justified by the evidence. Outputs: improved target file, results.tsv score log, changelog.md mutation log, persistent self-improvement memory, stepping-stone archive, and live dashboard.html for eval-loop targets; memory/skill files for conversation reviews.
development
cloud-management
Cross-cloud CLI-first cloud operations for AWS, Azure, and GCP. Use when the assistant needs to identify which cloud provider or multi-cloud estate a repo uses, deploy new resources or services, wire automatic deployments, inventory and optimize infrastructure, or diagnose and repair cloud failures entirely from the terminal, with explicit approval gates for high-cost, destructive, identity-sensitive, or hard-to-reverse changes.
tools
code-slides
Create and evolve code-based slide decks and presentations (pitch decks, demos, product walkthroughs, technical talks) with HTML/CSS/JS or React/TypeScript. Use when a user asks for slides implemented in code, a single-file HTML presentation, responsive behavior across mobile/tablet/desktop, PowerPoint/PPTX-to-web conversion, remote-control navigation, configurable right-side or bottom navigation, iframe-based deck rendering, visual style exploration, or image workflows that combine AI-generated assets, external URLs, local repo images, and code-as-image product mockups. Trigger this skill for new deck creation, redesigns, refactors, framework migrations, PPT conversions, and slide-quality QA.
development
skills/finances
--- name: finances description: Unified finance skill covering three domains: (1) Accounting reconciliation — reconcile bank statements, movements, and ledgers; map PDF statements to structured rows (XLSX); link receipts to line items. (2) Financial modeling — build, review, or extend financial models (P&L, cash flow, cap table, scenario analysis). (3) Fundraising — turn fundraising data (decks, models, emails, CRM notes) into investor-ready messaging, materials upgrade reports, process diagnost
development
seo-and-geo
Use when the user wants to "optimize for SEO", "improve GEO", "get cited by ChatGPT", "appear in AI Overviews", "do an SEO audit", "run /seo-audit", "site health check", "keyword opportunities", "content gap analysis", "competitor SEO comparison", "find content gaps", "benchmark against competitors", "optimize for Perplexity", "do AEO", "optimize for voice search", "add structured data", "improve E-E-A-T", "implement schema markup", "build topical authority", "optimize meta tags", "fix Core Web Vitals", "improve click-through rate", "get featured snippets", "add i18n", "add translations", "set up internationalization", "multilingual SEO", "hreflang", "react-i18next", "translate JSON", "translate locale files", "auto-translate i18n", "keyword research", "backlink analysis", "SERP analysis", "competitor gap analysis", "AI search ranking", "ChatGPT ranking", "Perplexity ranking", "Google AI Overview", "schema markup", "robots.txt AI bots", "GEO visibility", "search optimization", "AI visibility", "audit page SEO", "on-page SEO check", "SEO score", "page optimization", "score my page", "why is this page not ranking", "check my page", "what SEO issues does this page have", "pre-publish SEO check", "technical SEO audit", "check page speed", "LCP is slow", "CLS problem", "INP issues", "crawl errors", "indexing problems", "robots.txt check", "XML sitemap errors", "canonical tag problems", "HTTPS not working", "mobile SEO", "JavaScript rendering", "redirect chains", "crawlability", "site speed audit", "Core Web Vitals audit", "check if Google can crawl my site", "mobile-friendly check", "build backlinks", "find broken links", "broken link building", "link outreach", "link prospecting", "earn backlinks", "find link opportunities", "backlink outreach", "pitch my content for links", "find dead links", "replace broken links", "link building campaign", "find sites to get backlinks from", "audit content quality", "CORE-EEAT audit", "EEAT score", "content quality check", "how good is my content", "is my content AI-citation worthy", "content improvement plan", "GEO quality score", "helpful content assessment", "audit domain authority", "domain trust score", "CITE audit", "how authoritative is my site", "domain credibility check", "domain rating", "site authority", "is my domain trustworthy", "entity optimization", "Knowledge Graph optimization", "fix Knowledge Panel", "brand entity recognition", "Wikidata entry", "entity consistency", "refresh old content", "update outdated content", "content is losing rankings", "revitalize content", "content decay", "set up SEO alerts", "monitoring alerts for rankings", "notify me when rankings drop", "/seo:audit-page", "/seo:audit-domain", "/seo:check-technical", "/seo:write-content", "/seo:keyword-research", "/seo:optimize-meta", "/seo:generate-schema", "/seo:report", or "/seo:setup-alert". Covers SEO, GEO, AEO, per-page on-page audits with numeric scoring, full technical SEO audits (crawlability/indexability/CWV/mobile/security/URL structure/structured data/international), structured site audits with prioritized action plans, content gap analysis, competitor SEO benchmarking, CORE-EEAT 80-item content quality scoring, CITE 40-item domain authority scoring, entity optimization for Knowledge Graphs and AI systems, content refresh workflows, monitoring alert configuration, i18n, AI-powered translation, and broken-link backlink outreach automation.
tools
video-generation
Best practices for Remotion - programmatic video creation in React. Use when the user wants to create or edit video (animations, captions, timing, assets). Rules in references/rules/; templates in templates/.
development
backend
Use for backend engineering work such as APIs, services, data models, persistence, queues, caching, auth, background jobs, and server-side debugging or refactors.
development
ai-engineering
Use for AI and agent engineering work: system prompt design, tool call architecture, context engineering, memory and learning systems, multi-agent coordination, evals and regression gates, fine-tuning pipelines, RAG, vector stores (TurboPuffer/Pinecone/Azure), agent governance and safety, run steering, skill packages, prompt engineering patterns, constrained generation, ML pipelines, data engineering, and production AI infrastructure.
tools
finances
Use for finance operations across expense and bill monitoring, reconciliation, month-end close management, executive CFO briefings, scenario modeling, tax document organization, and fundraising materials. Covers receipt and invoice intake, recurring bill control, bank and GL/subledger reconciliations, close dashboards, QuickBooks or ERP export review, runway and burn analysis, Sheets-backed workpapers, evidence storage, tax-document checklists, and investor messaging or process diagnostics.
testing
cloud-management
Cross-cloud CLI-first cloud operations for AWS, Azure, and GCP. Use when the assistant needs to identify which cloud provider or multi-cloud estate a repo uses, deploy new resources or services, wire automatic deployments, inventory and optimize infrastructure, or diagnose and repair cloud failures entirely from the terminal, with explicit approval gates for high-cost, destructive, identity-sensitive, or hard-to-reverse changes. Covers AWS Amplify full-stack projects, serverless workloads (Lambda, API Gateway, Step Functions, SAM, CDK), and the full AWS database portfolio (RDS, Aurora, Aurora DSQL, DynamoDB, ElastiCache), as well as deep Azure references for diagnostics, storage, compute, compliance, identity, Foundry, and cross-cloud migrations.
tools
reporting
Use for weekly updates, monthly operating reviews, board reports, investor updates, QBRs, KPI summaries, delivery-health reports, content performance reports, audience growth reviews, product KPI reviews, feature adoption and retention reports, expense reports, savings-goal check-ins, and social mention monitoring that must collect live data from source systems, compare against prior state or thresholds, and turn the result into decisions, owners, and escalation calls.
development
frontend
Use for frontend engineering work such as components, routes, state management, accessibility, performance, design-system integration, and browser-facing debugging or refactors.
development
agentic-development
Use for end-to-end software execution in an unfamiliar or complex repo: orienting the codebase, choosing an execution model, planning and verifying changes, reviewing architecture or PRs, improving agent-first harnesses, and coordinating work across the specialized `frontend` and `backend` engineering skills.
development
skills/code-as-images
# TODO: from Cursor 'website/' and from Notion
development