foutoucour
66 verified skills
code-reviewer
Review code changes, diffs, or pull requests for bugs, security issues, and best practice violations. Use after code changes or before merging PRs.
development
finops
Orchestrate all FinOps skills - cost optimization, tagging audit, waste detection, and budget forecasting. Use for a full cloud cost assessment.
testing
value-prioritization
Data-driven backlog prioritization using WSJF, RICE, value/effort matrix, and dependency analysis.
data-ai
code-reviewer
Review code changes, diffs, or pull requests for bugs, security issues, and best practice violations. Use after code changes or before merging PRs.
development
finops
Orchestrate all FinOps skills - cost optimization, tagging audit, waste detection, and budget forecasting. Use for a full cloud cost assessment.
testing
market-analysis
Analyze competitive landscape, differentiation, trends, and build-vs-buy to inform product decisions.
development
observability-design
Design observability blueprints — structured logging, metrics, distributed tracing, alerting, and dashboards for every service.
testing
tagging-audit
Audit cloud resources for cost allocation tag compliance. Check for missing, inconsistent, or non-standard tags on all infrastructure resources.
testing
pentest-web
Simulate web penetration testing for auth bypass, IDOR, privilege escalation, SSRF, rate-limit bypass, JWT attacks, API abuse, and business logic flaws.
development
skill-creator
Meta-skill to generate new SKILL.md files for the BMAD template system. Creates well-structured skills with proper frontmatter and instructions.
tools
secret-rotation
Validate secret storage practices and rotation policies. Check for secrets in code, Vault usage, and rotation schedules.
development
value-prioritization
Data-driven backlog prioritization using WSJF, RICE, value/effort matrix, and dependency analysis.
data-ai
code-security-audit
Scan application code for OWASP Top 10 vulnerabilities, injection flaws, XSS, CSRF, hardcoded secrets, and unsafe cryptography.
development
observability-design
Design observability blueprints — structured logging, metrics, distributed tracing, alerting, and dashboards for every service.
testing
acceptance-validator
Validate completed work against acceptance criteria, architecture design, and customer requirements. Use as a quality gate before marking stories as passed.
testing
accessibility-audit
Audit frontend code for WCAG 2.1 AA compliance including ARIA, keyboard navigation, contrast, and screen reader compatibility.
development
code-security-audit
Scan application code for OWASP Top 10 vulnerabilities, injection flaws, XSS, CSRF, hardcoded secrets, and unsafe cryptography.
development
cost-optimization
Review infrastructure code for cloud cost optimization opportunities including rightsizing, auto-scaling, reserved instances, spot instances, and storage tiering.
development
git-commit-helper
Generate conventional commit messages from staged git changes. Use after staging files before committing.
tools
infra-security-audit
Audit cloud and infrastructure configurations for open security groups, missing encryption, excessive permissions, and missing WAF or rate limiting.
testing
market-analysis
Analyze competitive landscape, differentiation, trends, and build-vs-buy to inform product decisions.
development
performance-audit
Audit application code for performance issues including N+1 queries, bundle size, caching, lazy loading, and connection pooling.
development
security
Orchestrate all security skills - code audit, infra audit, auth review, secret rotation, and pentest. Use for a full security assessment.
development
skill-creator
Meta-skill to generate new SKILL.md files for the BMAD template system. Creates well-structured skills with proper frontmatter and instructions.
tools
tagging-audit
Audit cloud resources for cost allocation tag compliance. Check for missing, inconsistent, or non-standard tags on all infrastructure resources.
testing
technical-debt-radar
Identify, quantify, and communicate technical debt so it becomes negotiable with PO/TL — code smells, dependency health, architecture erosion, test and doc debt.
development
terraform-review
Review Terraform code for module structure, state management, provider versioning, security, and operational best practices.
development
test-generator
Generate unit and integration tests for project code. Use when new code is written or test coverage needs improvement.
development
test-check
For each modified function, find or create its test, run it, and update it only if the function contract changed intentionally. Never silently adjust tests to make failures disappear.
testing
terraform-review
Review Terraform code for module structure, state management, provider versioning, security, and operational best practices.
development
technical-debt-radar
Identify, quantify, and communicate technical debt so it becomes negotiable with PO/TL — code smells, dependency health, architecture erosion, test and doc debt.
development
stakeholder-challenge
Structure critical dialogue between PO, Tech Lead, and Architect to challenge assumptions, priorities, and feasibility.
tools
security
Orchestrate all security skills - code audit, infra audit, auth review, secret rotation, and pentest. Use for a full security assessment.
development
readme-updater
Update project README based on current project structure and code. Use when project structure changes.
development
performance-audit
Audit application code for performance issues including N+1 queries, bundle size, caching, lazy loading, and connection pooling.
development
infra-security-audit
Audit cloud and infrastructure configurations for open security groups, missing encryption, excessive permissions, and missing WAF or rate limiting.
testing
dependency-auditor
Audit project dependencies for vulnerabilities, outdated versions, license compatibility, and supply-chain risk. Use before releases or periodically.
testing
database-review
Review database schema, indexing strategy, query performance, and migration safety for relational and NoSQL databases.
data-ai
cross-cutting-review
Multi-domain review across performance, security, operations, reliability, and data axes for changes that span concerns.
testing
cost-optimization
Review infrastructure code for cloud cost optimization opportunities including rightsizing, auto-scaling, reserved instances, spot instances, and storage tiering.
development
client-advocacy
Decompose client requests into real needs, challenge assumptions, protect scope and IP.
tools
auth-review
Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.
content-media
api-documenter
Generate API documentation from code endpoints. Use when APIs are added or changed to produce Markdown or OpenAPI docs.
development
accessibility-audit
Audit frontend code for WCAG 2.1 AA compliance including ARIA, keyboard navigation, contrast, and screen reader compatibility.
development
acceptance-validator
Validate completed work against acceptance criteria, architecture design, and customer requirements. Use as a quality gate before marking stories as passed.
testing
api-documenter
Generate API documentation from code endpoints. Use when APIs are added or changed to produce Markdown or OpenAPI docs.
development
cross-cutting-review
Multi-domain review across performance, security, operations, reliability, and data axes for changes that span concerns.
testing
database-review
Review database schema, indexing strategy, query performance, and migration safety for relational and NoSQL databases.
data-ai
dependency-auditor
Audit project dependencies for vulnerabilities, outdated versions, license compatibility, and supply-chain risk. Use before releases or periodically.
testing
budget-forecast
Estimate monthly cloud costs from infrastructure-as-code definitions and provide budget forecasting with cost breakdown by service, environment, and team.
development
budget-forecast
Estimate monthly cloud costs from infrastructure-as-code definitions and provide budget forecasting with cost breakdown by service, environment, and team.
development
waste-detection
Detect cloud resource waste including idle instances, unattached volumes, orphaned snapshots, unused Elastic IPs, and over-provisioned dev/staging environments.
development
waste-detection
Detect cloud resource waste including idle instances, unattached volumes, orphaned snapshots, unused Elastic IPs, and over-provisioned dev/staging environments.
development
git-commit-helper
Generate conventional commit messages from staged git changes. Use after staging files before committing.
tools
performance-mindset
Guide developers to think about performance as they code — algorithmic complexity, memory, I/O, caching, lazy evaluation, and profiling discipline.
development
performance-mindset
Guide developers to think about performance as they code — algorithmic complexity, memory, I/O, caching, lazy evaluation, and profiling discipline.
development
readme-updater
Update project README based on current project structure and code. Use when project structure changes.
development
auth-review
Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.
content-media
pentest-web
Simulate web penetration testing for auth bypass, IDOR, privilege escalation, SSRF, rate-limit bypass, JWT attacks, API abuse, and business logic flaws.
development
secret-rotation
Validate secret storage practices and rotation policies. Check for secrets in code, Vault usage, and rotation schedules.
development
threat-model
Perform STRIDE threat modeling on application architecture to identify spoofing, tampering, repudiation, info disclosure, DoS, and elevation of privilege threats.
data-ai
threat-model
Perform STRIDE threat modeling on application architecture to identify spoofing, tampering, repudiation, info disclosure, DoS, and elevation of privilege threats.
data-ai
test-check
For each modified function, find or create its test, run it, and update it only if the function contract changed intentionally. Never silently adjust tests to make failures disappear.
testing
test-generator
Generate unit and integration tests for project code. Use when new code is written or test coverage needs improvement.
development
client-advocacy
Decompose client requests into real needs, challenge assumptions, protect scope and IP.
tools
stakeholder-challenge
Structure critical dialogue between PO, Tech Lead, and Architect to challenge assumptions, priorities, and feasibility.
tools