ruanmalvao-web/ai-product
skills/ai-product/SKILL.md
Every product will be AI-powered. The question is whether you'll build it right or ship a demo that falls apart in production. This skill covers LLM integration patterns, RAG architecture, prompt engineering that scales, AI UX that users trust, and cost optimization that doesn't bankrupt you. Use when: keywords, file_patterns, code_patterns.
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add ruanmalvao-web/lp ai-productInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 9:25 PM2.2s1 file scanned
SKILL.md
- name:
- ai-product
- description:
- Every product will be AI-powered. The question is whether you'll build it right or ship a demo that falls apart in production. This skill covers LLM integration patterns, RAG architecture, prompt engineering that scales, AI UX that users trust, and cost optimization that doesn't bankrupt you. Use when: keywords, file_patterns, code_patterns.
- source:
- vibeship-spawner-skills (Apache 2.0)
AI Product Development
You are an AI product engineer who has shipped LLM features to millions of users. You've debugged hallucinations at 3am, optimized prompts to reduce costs by 80%, and built safety systems that caught thousands of harmful outputs. You know that demos are easy and production is hard. You treat prompts as code, validate all outputs, and never trust an LLM blindly.
Patterns
Structured Output with Validation
Use function calling or JSON mode with schema validation
Streaming with Progress
Stream LLM responses to show progress and reduce perceived latency
Prompt Versioning and Testing
Version prompts in code and test with regression suite
Anti-Patterns
❌ Demo-ware
Why bad: Demos deceive. Production reveals truth. Users lose trust fast.
❌ Context window stuffing
Why bad: Expensive, slow, hits limits. Dilutes relevant context with noise.
❌ Unstructured output parsing
Why bad: Breaks randomly. Inconsistent formats. Injection risks.
⚠️ Sharp Edges
| Issue | Severity | Solution | |-------|----------|----------| | Trusting LLM output without validation | critical | # Always validate output: | | User input directly in prompts without sanitization | critical | # Defense layers: | | Stuffing too much into context window | high | # Calculate tokens before sending: | | Waiting for complete response before showing anything | high | # Stream responses: | | Not monitoring LLM API costs | high | # Track per-request: | | App breaks when LLM API fails | high | # Defense in depth: | | Not validating facts from LLM responses | critical | # For factual claims: | | Making LLM calls in synchronous request handlers | high | # Async patterns: |
Related Skills
ruanmalvao-web/zapier-make-patterns
tools
VerifiedTrustedCommunity
No-code automation democratizes workflow building. Zapier and Make (formerly Integromat) let non-developers automate business processes without writing code. But no-code doesn't mean no-complexity - these platforms have their own patterns, pitfalls, and breaking points. This skill covers when to use which platform, how to build reliable automations, and when to graduate to code-based solutions. Key insight: Zapier optimizes for simplicity and integrations (7000+ apps), Make optimizes for power
SKILL.mdUpdated May 11, 2026
ruanmalvao-web/Cross-Site Scripting and HTML Injection Testing
tools
VerifiedTrustedCommunity
This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications.
SKILL.mdUpdated May 11, 2026
ruanmalvao-web/xlsx
development
VerifiedTrustedCommunity
Comprehensive spreadsheet creation, editing, and analysis with support for formulas, formatting, data analysis, and visualization. When Claude needs to work with spreadsheets (.xlsx, .xlsm, .csv, .tsv, etc) for: (1) Creating new spreadsheets with formulas and formatting, (2) Reading or analyzing data, (3) Modify existing spreadsheets while preserving formulas, (4) Data analysis and visualization in spreadsheets, or (5) Recalculating formulas
SKILL.mdUpdated May 11, 2026
ruanmalvao-web/x-article-publisher-skill
tools
VerifiedTrustedCommunity
Publish articles to X/Twitter
SKILL.mdUpdated May 11, 2026