FerranGuardia/ferran-task
global/skills/ferran-task/SKILL.md
Ferran's task protocol. Creates well-structured, scoped task files — the atomic unit of work for one agent session. Part of the Ferran series: /ferran-e2e (testing), /ferran-plan (project planning).
testing
Updated Apr 21, 2026
$ install --global
skillsauthnpx skillsauth add FerranGuardia/claude-autonomous-setup ferran-taskInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 2:51 AM173.7s1 file scanned
SKILL.md
- name:
- ferran-task
- description:
- Ferran's task protocol. Creates well-structured, scoped task files — the atomic unit of work for one agent session. Part of the Ferran series: /ferran-e2e (testing), /ferran-plan (project planning).
Ferran's Task Protocol
One skill, one job: create good task files. A task file defines a single unit of work — clear enough that an agent (or a human) can pick it up cold and know exactly what to do, why, and how to verify it's done.
When to invoke
/ferran-task new— create a new task file/ferran-task done— mark a task as DONE (completion protocol)
Ferran series:
/ferran-plancreates the backlog that feeds tasks./ferran-e2ehandles testing methodology. Commit discipline lives in a separate skill.
$ARGUMENTS
Rules
-
Read before write. Before creating a task, read the project's CLAUDE.md for conventions (prefix, tracking file path). Read the relevant source files. A task written blind is a task that misses context.
-
One task = one sitting. A task should be completable in a single agent session (~30min–3h). If it's bigger, break it up. If it's smaller, it might not need a task file.
-
Scope is king. The "Not in scope" section is as important as the "What" section. Ambiguity in scope is where tasks bloat.
-
Validation = evidence. Every validation item must be verifiable. When marking done, add an inline note after
—explaining HOW it was satisfied, not just that it was. -
Track time. Started when work begins, Finished when work ends. Use the system clock, never estimate. Unix:
date '+%Y-%m-%d %H:%M'| Windows:powershell -Command "Get-Date -Format 'yyyy-MM-dd HH:mm'" -
Keep the INDEX current. The project's task index (wherever it lives) must reflect the new task when created and its status when done.
Project Conventions
Each project defines these in its CLAUDE.md. Read them before creating the first task:
- Task ID prefix (e.g.,
ORGfor Organizacion,RLfor Relcom) - Tracking file path (e.g.,
tasks/INDEX.md,BACKLOG.md) - Task file location (default: project's task directory)
Task Template
# {PREFIX}-NNN: Short imperative description
**Status:** PENDING
**Depends on:** {PREFIX}-XXX (reason) | None
**Tracking:** path/to/INDEX or backlog
**Started:** —
**Finished:** —
---
> **In plain English:** One paragraph explaining the task to a non-technical person.
> What are we doing, and why does it matter?
---
## What
Concrete deliverables. What gets created or changed.
- Item 1
- Item 2
## Why
Rationale. Why this task matters now. What gap does it fill?
## Where
- **Read:** Source files to consult before starting
- **Write:** Files to create or modify
## Output
Expected result — API response shape, file structure, behavior description.
Concrete enough that validation can check against it.
> Omit for small tasks where What already covers it.
## Validation
- [ ] Domain-specific check 1
- [ ] Domain-specific check 2
- [ ] ...
- [ ] INDEX updated
- [ ] Task file updated: Status → DONE, all items checked with evidence
---
## Not in scope
- What this task explicitly does NOT cover
- Cross-reference the task that handles it: (that's {PREFIX}-XXX)
Completion Protocol (/ferran-task done)
When a task is finished:
- Read the system clock → write
**Finished:** YYYY-MM-DD HH:MM - Set
**Status:** DONE - Check off every validation item (
- [x]) with evidence note:- [x] API returns JSON for all projects — tested with 6 project docs, all parsed correctly - Update the INDEX with status and completion date
- Verify — re-read every
- [x]. If any isn't genuinely satisfied, uncheck and fix first.
Related Skills
FerranGuardia/skills/testing/vitest-api-testing
development
VerifiedTrustedCommunity
# API Test Suite Builder **Tier:** POWERFUL **Category:** Engineering **Domain:** Testing / API Quality --- ## Overview Scans API route definitions across frameworks (Next.js App Router, Express, FastAPI, Django REST) and auto-generates comprehensive test suites covering auth, input validation, error codes, pagination, file uploads, and rate limiting. Outputs ready-to-run test files for Vitest+Supertest (Node) or Pytest+httpx (Python). --- ## Core Capabilities - **Route detection** — scan
SKILL.mdUpdated Apr 22, 2026
FerranGuardia/test-driven-development
development
VerifiedTrustedCommunity
Use when implementing any feature or bugfix, before writing implementation code
SKILL.mdUpdated Apr 22, 2026
FerranGuardia/webapp-testing
tools
VerifiedTrustedCommunity
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.
SKILL.mdUpdated Apr 22, 2026
FerranGuardia/security-hardening
testing
VerifiedTrustedCommunity
Application security covering input validation, auth, headers, secrets management, and dependency auditing
SKILL.mdUpdated Apr 22, 2026