Skip to content

Skill Catalog

Browse 4,314 curated AI agent skills. No account needed.

Presentations & Documents

Software Engineering

Tempo

Designing scheduling and time-aware logic for cron, timezone/DST, retry/backoff, and business-calendar systems. Use when schedule design is needed.

#broad-capability#development#securitySoftware Engineering

Temporal Python Testing

Test Temporal workflows with pytest, time-skipping, and mocking strategies. Covers unit testing, integration testing, replay testing, and local development setup. Use when implementing Temporal workflow tests or debugging test failures.

#broad-capability#engineering#agent-skillsSoftware Engineering

Temporary ID Safe Output

Add temporary ID support to safe-output jobs end to end.

#broad-capability#agentic-workflows#github-actionsSoftware Engineering

Terminal Helper

Fast terminal syntax and command helper for PowerShell and Bash

#github-copilot#backend#developmentSoftware Engineering

Terraform Style Guide

Generate Terraform HCL code following HashiCorp's official style conventions and best practices. Use when writing, reviewing, or generating Terraform configurations.

#terraform#packer#infrastructure-as-codeSoftware Engineering

Terraform Test

Comprehensive guide for writing and running Terraform tests. Use when creating test files (.tftest.hcl), writing test scenarios with run blocks, validating infrastructure behavior with assertions, mocking providers and data sources, testing module outputs and resource configurations, or troubleshooting Terraform test syntax and execution.

#terraform#packer#infrastructure-as-codeSoftware Engineering

Testcafe Skill

Generates TestCafe automation tests in JavaScript or TypeScript. Supports local and TestMu AI cloud. Triggers on: "TestCafe", "test cafe", "fixture/test".

#testing#automationSoftware Engineering

Testcontainers Dotnet

A comprehensive guide for using Testcontainers for .NET (4.10.0+) to write reliable integration tests with Docker containers in .NET projects. Supports 65+ pre-configured modules for databases, message queues, cloud services, and more.

#testing#containersSoftware Engineering

Testcontainers Go

A comprehensive guide for using Testcontainers for Go to write reliable integration tests with Docker containers in Go projects. Supports 62+ pre-configured modules for databases, message queues, cloud services, and more. Use this skill when writing Go integration tests, setting up test databases (PostgreSQL, MySQL, Redis, MongoDB), testing with message queues (Kafka, RabbitMQ), or creating container-based test infrastructure. Covers modules, generic containers, networking, cleanup, wait strategies, CI/CD integration, and common anti-patterns.

#testing#containersSoftware Engineering

Test Driven Development

Drives development with tests. Use when implementing any logic, fixing any bug, or changing any behavior. Use when you need to prove that code works, when a bug report arrives, or when you're about to modify existing functionality.

#engineering#software-engineering#testingSoftware Engineering

Test Driven Development

TDD: enforce RED-GREEN-REFACTOR, tests before code.

#broad-capability#development#creativeSoftware Engineering

Test Driven Development

Use when implementing any feature or bugfix, before writing implementation code

#broad-capability#agent-skills#designSoftware Engineering

Test Fixing

Run tests and systematically fix all failing tests using smart error grouping. Use when user asks to fix failing tests, mentions test failures, runs test suite and failures occur, or requests to make tests pass.

#broad-capability#engineering-workflow#productivitySoftware Engineering

Test Framework Migration Skill

Migrates and converts test automation scripts between Selenium, Playwright, Puppeteer, and Cypress. Use when the user asks to migrate, convert, or port tests from one framework to another; rewrite tests in a different framework; or switch from Selenium to Playwright, Playwright to Selenium, Puppeteer to Playwright, Cypress to Playwright, or vice versa. Triggers on: "migrate", "convert", "port", "selenium to playwright", "playwright to selenium", "puppeteer to playwright", "cypress to playwright", "rewrite tests in", "switch from [framework] to [framework]".

#testing#automationSoftware Engineering

Testing Coach

Accessibility testing coach for web applications. Use when you need guidance on HOW to test accessibility - screen reader testing with NVDA/VoiceOver/JAWS, keyboard testing workflows, automated testing setup (axe-core, Playwright, Pa11y), browser DevTools accessibility features, and creating accessibility test plans. Does not write product code - teaches and guides testing practices.

#broad-capability#accessibility#a11ySoftware Engineering

Test Master

Generates test files, creates mocking strategies, analyzes code coverage, designs test architectures, and produces test plans and defect reports across functional, performance, and security testing disciplines. Use when writing unit tests, integration tests, or E2E tests; creating test strategies or automation frameworks; analyzing coverage gaps; performance testing with k6 or Artillery; security testing with OWASP methods; debugging flaky tests; or working on QA, regression, test automation, quality gates, shift-left testing, or test maintenance.

#engineering#full-stack#testingSoftware Engineering

Testng Skill

Generates TestNG tests in Java with groups, data providers, parallel execution, XML suite configuration, and listeners. Use when user mentions "TestNG", "@DataProvider", "testng.xml", "groups". Triggers on: "TestNG", "@DataProvider", "testng.xml", "TestNG suite", "parallel tests Java".

#testing#automationSoftware Engineering

Test Scenarios

Create comprehensive test scenarios from user stories with test objectives, starting conditions, user roles, step-by-step actions, and expected outcomes. Use when writing QA test cases, creating test plans, defining acceptance tests, or preparing for feature validation.

#work-life#productivity#product-managementSoftware Engineering

Testunit Skill

Generates Test::Unit tests in Ruby. Classic xUnit-style testing with assert methods and test case classes. Use when user mentions "Test::Unit", "assert_equal Ruby", "Ruby test-unit". Triggers on: "Test::Unit", "Ruby test-unit", "assert_equal Ruby" (not RSpec).

#testing#automationSoftware Engineering

Text Quality Reviewer

Non-visual text quality reviewer for web applications. Use when reviewing any page, component, or template for low-quality alt text, aria-labels, or button names. Detects template variables ({0}, {{var}}), code syntax in text attributes (property.alttext), placeholder text as labels, typos in short accessible names, whitespace-only names, and duplicate control labels. Enforces WCAG 1.1.1 (Non-text Content), 4.1.2 (Name, Role, Value), and 2.5.3 (Label in Name). Applies to any web framework or vanilla HTML/CSS/JS.

#broad-capability#accessibility#a11ySoftware Engineering

Ticket Craft

Create Jira/Asana/Linear tickets optimized for Claude Code execution - AI-native ticket writing

#claude-bootstrap#bootstrap#projectSoftware Engineering

Tmux

Control tmux sessions/panes for interactive CLIs: list, capture output, send keys, paste text, monitor prompts.

#broad-capability#browser#automationSoftware Engineering

To Issues

Break a plan, spec, or PRD into independently-grabbable issues on the project issue tracker using tracer-bullet vertical slices.

#broad-capability#typescript#engineeringSoftware Engineering

Tool Design for Agents

Design every tool as a contract between a deterministic system and a non-deterministic agent. Unlike human-facing APIs, agent-facing tools must make the contract unambiguous through the description alone: agents infer intent from descriptions and generate calls that must match expected formats. Every ambiguity becomes a potential failure mode that no amount of prompt engineering can fix.

#broad-capability#agent-skills#designSoftware Engineering

To Prd

Turn the current conversation into a PRD and publish it to the project issue tracker — no interview, just synthesis of what you've already discussed.

#broad-capability#typescript#engineeringSoftware Engineering

Track Management

Use this skill when creating, managing, or working with Conductor tracks - the logical work units for features, bugs, and refactors. Applies to spec.md, plan.md, and track lifecycle operations.

#broad-capability#engineering#agent-skillsSoftware Engineering

Trail

Investigating git history, analyzing regression root causes, and performing code archaeology. Time-travels through commit history to uncover truth. Use when git history investigation or regression analysis is needed.

#broad-capability#development#securitySoftware Engineering

DevOps & Cloud

Tempo

Guide for implementing Grafana Tempo - a high-scale distributed tracing backend for OpenTelemetry traces. Use when configuring Tempo deployments, setting up storage backends (S3, Azure Blob, GCS), writing TraceQL queries, deploying via Helm, understanding trace structure, or troubleshooting Tempo issues on Kubernetes.

#broad-capability#devops#azureDevOps & Cloud

Tensorrt LLM

Optimizes LLM inference with NVIDIA TensorRT for maximum throughput and lowest latency. Use for production deployment on NVIDIA GPUs (A100/H100), when you need 10-100x faster inference than PyTorch, or for serving models with quantization (FP8/INT4), in-flight batching, and multi-GPU scaling.

#broad-capability#development#creativeDevOps & Cloud

Terraform Agent

Terraform infrastructure specialist with automated HCP Terraform workflows. Leverages Terraform MCP server for registry integration, workspace management, and run orchestration. Generates compliant code using latest provider/module versions, manages private registries, automates variable sets, and orchestrates infrastructure deployments with proper validation and security practices.

#github-copilot#terraform#infrastructureDevOps & Cloud

Terraform Azurerm Set Diff Analyzer

Analyze Terraform plan JSON output for AzureRM Provider to distinguish between false-positive diffs (order-only changes in Set-type attributes) and actual resource changes. Use when reviewing terraform plan output for Azure resources like Application Gateway, Load Balancer, Firewall, Front Door, NSG, and other resources with Set-type attributes that cause spurious diffs due to internal ordering changes.

#github-copilot#terraform#infrastructureDevOps & Cloud

Terraform Conventions

Terraform Conventions and Guidelines

#github-copilot#terraform#infrastructureDevOps & Cloud

Terraform Engineer

Use when implementing infrastructure as code with Terraform across AWS, Azure, or GCP. Invoke for module development (create reusable modules, manage module versioning), state management (migrate backends, import existing resources, resolve state conflicts), provider configuration, multi-environment workflows, and infrastructure testing.

#engineering#full-stack#terraformDevOps & Cloud

Terraform IaC Reviewer

Terraform-focused agent that reviews and creates safer IaC changes with emphasis on state safety, least privilege, module patterns, drift detection, and plan/apply discipline

#github-copilot#terraform#infrastructureDevOps & Cloud

Terraform on SAP BTP – Best Practices & Conventions

Terraform conventions and guidelines for SAP Business Technology Platform (SAP BTP).

#github-copilot#terraform#infrastructureDevOps & Cloud

Terraform Search Import

Discover existing cloud resources using Terraform Search queries and bulk import them into Terraform management. Use when bringing unmanaged infrastructure under Terraform control, auditing cloud resources, or migrating to IaC.

#terraform#packer#infrastructure-as-codeDevOps & Cloud

Terraform Skill

Operational traps for Terraform provisioners, multi-environment isolation, and zero-to-deployment reliability. Use when writing null_resource / remote-exec / local-exec / file provisioners, setting up fresh instances with cloud-init, or any IaC code that SSHs into remote hosts; when creating multi-environment Terraform setups (DNS record duplication, snapshot cross-contamination); or when debugging containers that are Restarting/unhealthy after terraform apply. Also when the user mentions terraform plan/apply errors, provisioner failures, infrastructure drift, TLS certificate errors, Cloudflare credential format, or Caddy/gateway / Caddyfile / compose configuration.

#broad-capability#research#documentsDevOps & Cloud

Terraform Stacks

Comprehensive guide for working with HashiCorp Terraform Stacks. Use when creating, modifying, or validating Terraform Stack configurations (.tfcomponent.hcl, .tfdeploy.hcl files), working with stack components and deployments from local modules, public registry, or private registry sources, managing multi-region or multi-environment infrastructure, or troubleshooting Terraform Stacks syntax and structure.

#terraform#packer#infrastructure-as-codeDevOps & Cloud

Terratest Module Testing

Generate and refactor Go Terratest suites for Terraform modules, including CI-safe patterns, staged tests, and negative-path validation.

#github-copilot#terraform#infrastructureDevOps & Cloud

Data, AI & Research

Tensorboard

Visualize training metrics, debug models with histograms, compare experiments, visualize model graphs, and profile performance with TensorBoard - Google's ML visualization toolkit

#broad-capability#creative#mlData, AI & Research

Timesfm Forecasting

Zero-shot time series forecasting with Google's TimesFM foundation model. Use this skill when forecasting ANY univariate time series — sales, sensor readings, stock prices, energy demand, patient vitals, weather, or scientific measurements — without training a custom model. Automatically checks system RAM/GPU before loading the model, supports CSV/DataFrame/array inputs, and returns point forecasts with calibrated prediction intervals. Includes a preflight system checker script that MUST be run before first use to verify the machine can load the model. For classical statistical time series models (ARIMA, SARIMAX, VAR) use statsmodels; for time series classification/clustering use aeon.

#broad-capability#creative#deepData, AI & Research

Timesfm Forecasting

Zero-shot time series forecasting with Google's TimesFM foundation model. Use for any univariate time series (sales, sensors, energy, vitals, weather) without training a custom model. Supports CSV/DataFrame/array inputs with point forecasts and prediction intervals. Includes a preflight system checker script to verify RAM/GPU before first use.

#broad-capability#science#mathData, AI & Research

Torchdrug

Graph-based drug discovery toolkit. Molecular property prediction (ADMET), protein modeling, knowledge graph reasoning, molecular generation, retrosynthesis, GNNs (GIN, GAT, SchNet), 40+ datasets, for PyTorch-based ML on molecules, proteins, and biomedical graphs.

#broad-capability#creative#deepData, AI & Research

Torchdrug

PyTorch-native graph neural networks for molecules and proteins. Use when building custom GNN architectures for drug discovery, protein modeling, or knowledge graph reasoning. Best for custom model development, protein property prediction, retrosynthesis. For pre-trained models and diverse featurizers use deepchem; for benchmark datasets use pytdc.

#broad-capability#science#mathData, AI & Research

Torch Geometric

PyTorch Geometric (PyG) for graph neural networks — node/link/graph classification, message passing (GCN, GAT, GraphSAGE, GIN), heterogeneous graphs, neighbor sampling, and custom datasets. Use when working with torch_geometric, not for general NetworkX analytics or non-graph PyTorch models.

#broad-capability#science#mathData, AI & Research

Torch Geometric

Graph Neural Networks (PyG). Node/graph classification, link prediction, GCN, GAT, GraphSAGE, heterogeneous graphs, molecular property prediction, for geometric deep learning.

#broad-capability#creative#deepData, AI & Research

Trace

Analyzing session replays, extracting persona-based behavioral patterns, and storytelling UX issues. A behavioral archaeologist that reads the 'why' from actual user operation logs. Collaborates with Field/Echo for persona validation.

#broad-capability#development#securityData, AI & Research

Trade Hypothesis Ideator

Generate falsifiable trade strategy hypotheses from market data, trade logs, and journal snippets. Use when you have a structured input bundle and want ranked hypothesis cards with experiment designs, kill criteria, and optional strategy.yaml export compatible with edge-finder-candidate/v1.

#work-life#productivity#financeData, AI & Research

Trader Memory Core

Track investment theses across their lifecycle — from screening idea to closed position with postmortem. Register theses from screener outputs, manage state transitions, attach position sizing, review due dates, and generate postmortem reports with P&L and MAE/MFE analysis. Trigger when user says "register thesis", "track this idea", "thesis status", "review due", "close position", "postmortem", or "trading journal".

#work-life#productivity#financeData, AI & Research

Tradingview Reader

Read TradingView desktop app for market data, news, alerts, watchlists, and screener results using opencli (read-only). Use this skill whenever the user wants quotes, options chains, options expiries, screener results across stocks/crypto/forex/futures/bonds, gainers/losers/movers, news headlines or full story bodies, alerts (active list, fire log, offline fires), watchlists including colored flag lists, symbol search/autocomplete, chart state, or screenshots from their local TradingView.app. Triggers include: "options chain for X", "IV on Y", "show me SNDK puts", "TV screener for Y sector", "screen oversold stocks", "TV gainers", "crypto by market cap", "TradingView news on AAPL", "show my watchlists", "red flag list", "list my alerts", "what alerts fired", "search TV for nvidia", "what symbol is on my chart", "screenshot NVDA chart", "TradingView IV skew", "TV expiries for X". This skill is READ-ONLY — it does NOT place trades, modify watchlists, or change chart layouts.

#work-life#productivity#financeData, AI & Research

Training Check

Periodically check WandB metrics during training to catch problems early (NaN, loss divergence, idle GPUs). Avoids wasting GPU hours on broken runs. Use when training is running and you want automated health checks.

#broad-capability#wanshuiyin-aris#ml-researchData, AI & Research

Training Check

Interactively monitor training metrics from the current Codex session, periodically checking WandB or fallback logs for NaN, divergence, plateaus, and broken runs.

#broad-capability#wanshuiyin-aris#ml-researchData, AI & Research

Security & Compliance

Termination Review

Termination review — high-risk flag detection, severance + release, and final pay timing by jurisdiction. Jurisdiction-specific rules and release consideration periods are researched per review, not stored. Use when the user says "reviewing a termination", "can we fire this person", "term review", or describes a termination scenario.

#legal#contracts#ndaSecurity & Compliance

Testing Android Intents For Vulnerabilities

Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection, unauthorized component access, broadcast sniffing, pending intent hijacking, and content provider data leakage. Use when assessing Android app attack surface through exported components, testing intent-based data flows, or evaluating IPC security. Activates for requests involving Android intent security, IPC testing, exported component analysis, or Drozer assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing API Authentication Weaknesses

Tests API authentication mechanisms for weaknesses including broken token validation, missing authentication on endpoints, weak password policies, credential stuffing susceptibility, token leakage in URLs or logs, and session management flaws. The tester evaluates JWT implementation, API key handling, OAuth flows, and session token entropy to identify authentication bypasses. Maps to OWASP API2:2023 Broken Authentication. Activates for requests involving API authentication testing, token validation assessment, credential security testing, or API auth bypass.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing API For Broken Object Level Authorization

Tests REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR) vulnerabilities where an authenticated user can access or modify resources belonging to other users by manipulating object identifiers in API requests. The tester intercepts API calls, identifies object ID parameters (numeric IDs, UUIDs, slugs), and systematically replaces them with IDs belonging to other users to determine if the server enforces per-object authorization. This is OWASP API Security Top 10 2023 risk API1. Activates for requests involving BOLA testing, IDOR in APIs, object-level authorization testing, or API access control bypass.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing API For Mass Assignment Vulnerability

Tests APIs for mass assignment (auto-binding) vulnerabilities where clients can modify object properties they should not have access to by including additional parameters in API requests. The tester identifies writable endpoints, adds undocumented fields to request bodies (role, isAdmin, price, balance), and checks if the server binds these to the data model without filtering. Part of OWASP API3:2023 Broken Object Property Level Authorization. Activates for requests involving mass assignment testing, parameter binding abuse, auto-binding vulnerability, or API over-posting.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing API Security With Owasp Top 10

Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing Cors Misconfiguration

Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Broken Access Control

Systematically testing web applications for broken access control vulnerabilities including privilege escalation, missing function-level checks, and insecure direct object references.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Business Logic Vulnerabilities

Identifying flaws in application business logic that allow price manipulation, workflow bypass, and privilege escalation beyond what technical vulnerability scanners can detect.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Email Header Injection

Test web application email functionality for SMTP header injection vulnerabilities that allow attackers to inject additional email headers, modify recipients, and abuse contact forms for spam relay.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Host Header Injection

Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web cache poisoning, SSRF, and virtual host routing manipulation risks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For JSON Web Token Vulnerabilities

Test JWT implementations for critical vulnerabilities including algorithm confusion, none algorithm bypass, kid parameter injection, and weak secret exploitation to achieve authentication bypass and privilege escalation.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Open Redirect Vulnerabilities

Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters, bypass techniques, and exploitation chains for phishing and token theft.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Sensitive Data Exposure

Identifying sensitive data exposure vulnerabilities including API key leakage, PII in responses, insecure storage, and unprotected data transmission during security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For XML Injection Vulnerabilities

Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks to identify data exposure and server-side request forgery risks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Xss Vulnerabilities

Tests web applications for Cross-Site Scripting (XSS) vulnerabilities by injecting JavaScript payloads into reflected, stored, and DOM-based contexts to demonstrate client-side code execution, session hijacking, and user impersonation. The tester identifies all injection points and output contexts, crafts context-appropriate payloads, and bypasses sanitization and CSP protections. Activates for requests involving XSS testing, cross-site scripting assessment, client-side injection testing, or JavaScript injection vulnerability testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Xss Vulnerabilities With Burpsuite

Identifying and validating cross-site scripting vulnerabilities using Burp Suite's scanner, intruder, and repeater tools during authorized security assessments.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing For Xxe Injection Vulnerabilities

Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF, and exfiltrate data during authorized penetration tests.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing JWT Token Security

Assessing JSON Web Token implementations for cryptographic weaknesses, algorithm confusion attacks, and authorization bypass vulnerabilities during security engagements.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing Mobile API Authentication

Tests authentication and authorization mechanisms in mobile application APIs to identify broken authentication, insecure token management, session fixation, privilege escalation, and IDOR vulnerabilities. Use when performing API security assessments against mobile app backends, testing JWT implementations, evaluating OAuth flows, or assessing session management. Activates for requests involving mobile API auth testing, token security assessment, OAuth mobile flow testing, or API authorization bypass.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing Oauth2 Implementation Flaws

Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception, redirect URI manipulation, CSRF in OAuth flows, token leakage, scope escalation, and PKCE bypass. The tester evaluates the authorization server, client application, and token handling for common misconfigurations that enable account takeover or unauthorized access. Activates for requests involving OAuth security testing, OIDC vulnerability assessment, OAuth2 redirect bypass, or authorization code flow testing.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing Ransomware Recovery Procedures

Test and validate ransomware recovery procedures including backup restore operations, RTO/RPO target verification, recovery sequencing, and clean restore validation to ensure organizational resilience against destructive ransomware attacks.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Testing Websocket API Security

Tests WebSocket API implementations for security vulnerabilities including missing authentication on WebSocket upgrade, Cross-Site WebSocket Hijacking (CSWSH), injection attacks through WebSocket messages, insufficient input validation, denial-of-service via message flooding, and information leakage through WebSocket frames. The tester intercepts WebSocket handshakes and messages using Burp Suite, crafts malicious payloads, and tests for authorization bypass on WebSocket channels. Activates for requests involving WebSocket security testing, WS penetration testing, CSWSH attack, or real-time API security assessment.

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Threat Mitigation Mapping

Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.

#broad-capability#engineering#agent-skillsSecurity & Compliance

Threat Model Analyst

Full STRIDE-A threat model analysis and incremental update skill for repositories and systems. Supports two modes: (1) Single analysis — full STRIDE-A threat model of a repository, producing architecture overviews, DFD diagrams, STRIDE-A analysis, prioritized findings, and executive assessments. (2) Incremental analysis — takes a previous threat model report as baseline, compares the codebase at the latest (or a given commit), and produces an updated report with change tracking (new, resolved, still-present threats), STRIDE heatmap, findings diff, and an embedded HTML comparison. Only activate when the user explicitly requests a threat model analysis, incremental update, or invokes /threat-model-analyst directly.

#github-copilot#application#securitySecurity & Compliance

Tracking Threat Actor Infrastructure

Threat actor infrastructure tracking involves monitoring and mapping adversary-controlled assets including command-and-control (C2) servers, phishing domains, exploit kit hosts, bulletproof hosting, a

#mukul-cybersecurity-skills#security#cybersecuritySecurity & Compliance

Mobile App Development

Testing Compose In Release Mode

Use this skill to ensure Jetpack Compose performance numbers reflect production reality by measuring against a release variant with R8 enabled, Live Literals disabled, and Compose Compiler reports read from the release output directory. Covers why debug builds lie (interpreted Compose runtime, JIT warmup, Live Literals constant-getters), how to set up a release-with-symbols measurement build, and how to wire Macrobenchmark, Compose Compiler reports, Layout Inspector, simpleperf, and Android Studio Profiler against it. Cited result is roughly 75 percent startup gain and 60 percent frame-render gain debug to release. Use when the developer reports "slow startup", "jank", "dropped frames", "high recomposition count", or quotes timings from `assembleDebug`, Layout Inspector, or `CompilationMode.None`. Use when reviewing a perf bug, setting up a CI perf gate, or before filing a perf regression.

#android#jetpack-compose#performanceMobile App Development

Tracing Recompositions At Runtime

Use this skill to instrument a Jetpack Compose composable with `@TraceRecomposition` from `skydoves/compose-stability-analyzer` so per-recomposition diffs (which state or parameter changed, what value transition) print to logcat under the `Recomposition` tag. Works in release-with-debug-symbols builds where Android Studio Layout Inspector cannot reach, and feeds the IntelliJ / Android Studio plugin's live recomposition heatmap (green under 10, yellow 10–50, red 50+). Covers the Gradle plugin setup, the `ComposeStabilityAnalyzer.setEnabled(BuildConfig.DEBUG)` runtime gate that keeps the instrumentation out of production, and the handoff to debug-time Layout Inspector and CI `stabilityCheck`. Use when the user mentions `@TraceRecomposition`, "trace recomposition", "compose-stability-analyzer", "recomposition logcat", "recomposition heatmap", "release-mode recomposition counts", or needs to confirm a stability fix in a release-like build.

#android#jetpack-compose#performanceMobile App Development

Business, Marketing & Sales

The Fool

Use when challenging ideas, plans, decisions, or proposals using structured critical reasoning. Invoke to play devil's advocate, run a pre-mortem, red team, or audit evidence and assumptions.

#engineering#full-stack#competitiveBusiness, Marketing & Sales

Theme Detector

Detect and analyze trending market themes across sectors. Use when user asks about current market themes, trending sectors, sector rotation, thematic investing, what themes are hot or cold, or wants to identify bullish and bearish market narratives with lifecycle analysis.

#work-life#productivity#financeBusiness, Marketing & Sales

Ticket Triage

Triage and prioritize a support ticket or customer issue. Use when a new ticket comes in and needs categorization, assigning P1-P4 priority, deciding which team should handle it, or checking whether it's a duplicate or known issue before routing.

#work-life#productivity#knowledge-workBusiness, Marketing & Sales

Tiktok Marketing

TikTok content strategy, video creation workflows, posting optimization, and analytics. Based on n8n automation templates.

#work-life#office#productivityBusiness, Marketing & Sales

Time Value Of Money

Calculate present value, future value, NPV, IRR for projects and loans, loan payments, and amortization schedules across all compounding conventions. Use when the user asks about discounting cash flows, valuing an annuity or perpetuity, comparing investments with different timing, building a mortgage amortization table, evaluating whether a project is worth pursuing, or solving for the rate that equates cash flows (project IRR, loan IRR, yield on an investment). Also trigger when users mention 'what is it worth today', 'how much will I have in 20 years', 'monthly payment on a loan', 'discount rate', 'Gordon growth model', 'effective annual rate', 'continuous compounding', or ask how to compare a lump sum versus a stream of payments. For portfolio money-weighted return (dollar-weighted IRR on an investor's contributions and withdrawals), use return-calculations instead.

#finance#personal-finance#wealth-managementBusiness, Marketing & Sales

Science & Simulation

Personal Productivity

Education & Writing

Design, Media & Creative