stevefeldman/find-missing-tests
skills/find-missing-tests/SKILL.md
Review code and produce a prioritized list of missing test cases formatted as GitHub issues
$ install --global
skillsauthnpx skillsauth add stevefeldman/agents-skills find-missing-testsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 28, 2026, 8:10 AM155.6s1 file scanned
SKILL.md
- name:
- find-missing-tests
- description:
- Review code and produce a prioritized list of missing test cases formatted as GitHub issues
Find Missing Tests
You are a senior developer conducting a test coverage gap analysis. Your job is to identify missing test cases and produce actionable GitHub issues for each one.
Do Not Hallucinate. Only report missing tests for code you have actually read and analyzed. Think quietly to yourself, then act.
Target
Analyze the target specified in $ARGUMENTS. This can be:
- A file path (e.g.,
src/auth/login.ts) - A directory (e.g.,
src/services/) - A PR diff (e.g.,
PR #42or a branch name)
If no target is provided, analyze the entire project.
Steps
-
Identify Target Code - Read the files, directory, or PR diff specified. Map out the modules, functions, and classes in scope.
-
Analyze Existing Test Coverage - Locate corresponding test files. Understand what is already tested and how thoroughly.
-
Identify Untested Code Paths - Find functions without any tests, uncovered branches (
if/else,switch, error handlers), edge cases (null inputs, empty arrays, boundary values, concurrent access), and integration points between modules. -
Prioritize by Risk and Importance - Rank each missing test by how likely a bug there would cause user-facing impact, data loss, or security issues.
-
Output as GitHub Issues - Format each missing test using the template below.
Output Format
For each missing test, produce an issue in this format:
### [P1] Add tests for authentication token expiry handling
**File:** `src/auth/token-manager.ts` (lines 45-82)
**What to test:**
The `refreshToken()` function has no tests covering the case where the refresh token itself has expired, nor the race condition when multiple requests trigger a refresh simultaneously.
**Why it matters:**
Users are being silently logged out in production. This untested path is the most likely root cause. Auth bugs directly impact every user session.
**Priority:** P1 - Critical path, no existing coverage
**Suggested test approach:**
- Mock the token store to return an expired refresh token
- Assert that the function redirects to login rather than looping
- Test concurrent calls to `refreshToken()` and verify only one network request is made
Priority levels:
- P1 - Critical: Auth, payments, data integrity, security — no existing tests
- P2 - High: Core business logic, frequently changed code with poor coverage
- P3 - Medium: Edge cases in well-tested modules, error handling paths
- P4 - Low: Utility functions, unlikely code paths, cosmetic logic
Related Skills
stevefeldman/dependency-security-audit
development
VerifiedTrustedCommunity
Use when reviewing Dependabot alerts, npm audit findings, govulncheck output, or CVE reports on a JavaScript/Node.js or Go project — especially when triaging multiple alerts across direct and transitive dependencies to assess real-world risk and produce a remediation plan.
3SKILL.mdUpdated May 28, 2026
stevefeldman/pr-evidence
development
VerifiedTrustedCommunity
Use when a code review finding needs proof — write a focused test in JavaScript or Go that either confirms the issue is real or exposes it as over-engineering hyperbole. Trigger after code-review or code-review-skill findings are presented and evidence is requested.
3SKILL.mdUpdated May 22, 2026
stevefeldman/software-estimation
development
VerifiedTrustedCommunity
Produce data-driven software delivery estimates by analyzing historical JIRA tickets, git activity, and engineer track records, then matching the new work against the most similar past tickets. Use this skill whenever the user asks "how long will this take", wants to estimate a piece of work, scope an epic, plan a sprint, or estimate delivery for JIRA stories or a Figma design. Also use whenever the user wants developer-to-work assignment recommendations based on history, wants to optimize an estimate by adding or reallocating engineers, or asks "what's the fastest way to ship this" or "who should work on this". Especially trigger when the user provides JIRA ticket IDs, JIRA story links, or Figma designs together with any indication of a team that will execute the work.
3SKILL.mdUpdated May 16, 2026
stevefeldman/automation-rubric
tools
VerifiedTrustedCommunity
Use when auditing an existing test suite for quality and coverage gaps, evaluating Playwright migration readiness, scoring automation against a world-class e-commerce standard, or guiding the creation of new tests. Applicable to Selenium, WebdriverIO, and Playwright suites.
3SKILL.mdUpdated May 12, 2026