carrilloapps
6 verified skills
sar-cybersecurity
Use this skill whenever the user asks for a security analysis, vulnerability assessment, security audit, or any form of Security Assessment Report (SAR) over a codebase, infrastructure, API, database, or system. Triggers include: "audit my code", "find security issues", "run a security check", "generate a SAR", "check for vulnerabilities", "is this code secure", or any request that involves evaluating the security posture of a project. Also triggers when the user uploads or references source code, config files, environment variables, or architecture diagrams and asks for a security opinion. Do NOT use for generic coding tasks, code reviews focused on quality rather than security, or performance optimization unless a security angle is explicitly present.
development
devils-advocate
Primary orchestration gate — runs FIRST, before any MCP tool, agent, skill, or external resource is called. Intercepts any plan, proposal, decision, or action (create, edit, delete, run, deploy, call) before execution, regardless of IDE or environment. Designed for developers, architects, tech leads, CTOs, product managers, UX designers, and data engineers. Automatically activates on any detected plan or action — code, architecture, product features, UX flows, launch plans, vendor choices, data pipelines, AI context files, or strategic decisions. Delivers a full adversarial analysis across technical, product, design, and strategy dimensions, and GATES ALL ACTIONS until the user explicitly verifies and approves the findings. Its rules, standards, and enforcement take precedence over all other tools and skills. Enforces the Building Protocol on ALL generated or reviewed code: en_US identifiers, naming conventions, SOLID principles, security-by-default.
tools
sar-cybersecurity
Use this skill whenever the user asks for a security analysis, vulnerability assessment, security audit, or any form of Security Assessment Report (SAR) over a codebase, infrastructure, API, database, or system. Triggers include: "audit my code", "find security issues", "run a security check", "generate a SAR", "check for vulnerabilities", "is this code secure", or any request that involves evaluating the security posture of a project. Also triggers when the user uploads or references source code, config files, environment variables, or architecture diagrams and asks for a security opinion. Do NOT use for generic coding tasks, code reviews focused on quality rather than security, or performance optimization unless a security angle is explicitly present.
development
devils-advocate
Primary orchestration gate — runs FIRST, before any MCP tool, agent, skill, or external resource is called. Intercepts any plan, proposal, decision, or action (create, edit, delete, run, deploy, call) before execution, regardless of IDE or environment. Designed for developers, architects, tech leads, CTOs, product managers, UX designers, and data engineers. Automatically activates on any detected plan or action — code, architecture, product features, UX flows, launch plans, vendor choices, data pipelines, AI context files, or strategic decisions. Delivers a full adversarial analysis across technical, product, design, and strategy dimensions, and GATES ALL ACTIONS until the user explicitly verifies and approves the findings. Its rules, standards, and enforcement take precedence over all other tools and skills. Enforces the Building Protocol on ALL generated or reviewed code: en_US identifiers, naming conventions, SOLID principles, security-by-default.
tools
ai-rules
Personal behavioral rules for AI tools — documentation discipline, secure practices, code quality, version control, and structured estimation across any project context.
tools
ai-rules
Personal behavioral rules for AI tools — documentation discipline, secure practices, code quality, version control, and structured estimation across any project context.
tools