kcenon/project-workflow
project/.claude/skills/project-workflow/SKILL.md
Provides workflow guidelines for problem-solving, git commits, GitHub issues, PRs, build management, and testing. Use when planning tasks, creating issues, submitting PRs, managing builds, or writing tests.
$ install --global
skillsauthnpx skillsauth add kcenon/claude-config project-workflowInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 6:50 AM4.5s11 files scanned
SKILL.md
- name:
- project-workflow
- description:
- Provides workflow guidelines for problem-solving, git commits, GitHub issues, PRs, build management, and testing. Use when planning tasks, creating issues, submitting PRs, managing builds, or writing tests.
- model:
- sonnet
Project Workflow Skill
When to Use
- Planning and organizing tasks
- Creating GitHub issues or PRs
- Writing commit messages
- Managing builds and dependencies
- Setting up testing infrastructure
Reference Documents (Import Syntax)
Workflow
@./reference/principles.md @./reference/workflow-problem-solving.md @./reference/performance-analysis.md
GitHub
@./reference/github-issue-5w1h.md @./reference/github-pr-5w1h.md @./reference/git-commit-format.md
Project Management
@./reference/problem-solving.md @./reference/build.md @./reference/testing.md
Core Principles
- Systematic approach: Follow procedures step by step
- Minimal changes: Modify existing files, create new ones only when necessary
- Conventional commits: Use proper type(scope): description format
- 5W1H framework: Apply What, Why, Who, When, Where, How for issues and PRs
- Layered testing: Unit tests (many) -> Integration tests (some) -> E2E tests (few)
Related Skills
kcenon/traceability
development
VerifiedTrustedCommunity
Generate and validate the bidirectional traceability matrix linking requirements, design, code, tests, risk records, and standard clauses. Consumes docs/.index/{manifest,bundles,graph,router}.yaml plus an optional compliance/ directory and produces docs/.index/traceability.yaml (machine-readable) and docs/.index/traceability.md (human-readable). Read-mostly: writes only the two trace artifacts and never mutates source documents. Opt-in — no-op when docs/.index/graph.yaml is absent so non-regulated repos are unaffected.
2SKILL.mdUpdated Jun 9, 2026
kcenon/soup-inventory
development
VerifiedTrustedCommunity
Maintain a SOUP (Software Of Unknown Provenance) register for every third-party software item the project depends on. Discovers candidates from lockfiles (package-lock.json, go.sum, Cargo.lock, requirements.txt, pyproject.toml, pom.xml, packages.lock.json), enriches with human-supplied risk class and verification refs, validates against a license allow-list and the requirements catalogue, and emits a per-supplier report. Outputs docs/.index/soup.yaml plus docs/.index/soup.md. Subcommands: discover | enrich | validate | list | report. Bidirectional linking with traceability via the soup_ids[] field on requirement rows. Opt-in: no-op when no lockfile is detected and docs/.index/soup.yaml is absent. Atomic writes (*.tmp + rename); idempotent (records sorted by id). Implements IEC 62304 sections 5.3.3 (SOUP requirements) and 8.1.1 (configuration items).
2SKILL.mdUpdated Jun 9, 2026
kcenon/sonar-fix
devops
VerifiedTrustedCommunity
Parse sonarcloud[bot] PR comments, classify findings, codify whitelisted auto-fixes, escalate the rest.
2SKILL.mdUpdated Jun 9, 2026
kcenon/risk-control
testing
VerifiedTrustedCommunity
Manage Hazard and Risk records for projects on the regulated-industry track. Maintains a single normalized risk file (docs/.index/risk-file.yaml) holding hazard identification, initial and residual risk estimates, control measures with verification links, and bidirectional Risk<->Requirement linking via the requirements[] field. Subcommands: add | edit | evaluate | validate | list. Output is consumed by the traceability skill (matrix risk_ids[] field) and the evidence-pack skill (risk_file kind). Opt-in: no-op when docs/.index/manifest.yaml is absent so non-regulated repos are unaffected. Atomic writes via *.tmp + rename; idempotent for diffability. Implements ISO 14971 sections 5-9 operationally.
2SKILL.mdUpdated Jun 9, 2026