Creates, updates, and reviews product changelog entries for the Cloudflare documentation site. Load when generating changelog MDX files, editing existing entries, reviewing changelog style, or validating frontmatter.

Creates and updates GitHub pull requests for cloudflare-docs changes. Load when asked to open, create, submit, update, edit, or write a title or description for a PR. Covers title conventions, PR body structure, and the documentation checklist template.

Retrieve Coinbase Design System (CDS) documentation: setup, installation, theming, tokens, and per-component APIs/examples. Use this skill whenever the task involves CDS components, design-system rules, theming, or choosing between web and mobile CDS packages, even if the user only says "use CDS" or names a component. Always start from the docs route index, then fetch only the pages you need to reason and implement correctly. Prefer the CDS MCP server (`list-cds-routes`, `get-cds-doc`); if MCP is unavailable, use curl against https://cds.coinbase.com/llms/....

Use when iteratively optimizing an existing SKILL.md (or a skill folder with bundle files) — runs a Tessl-gated Ralph loop with snapshot-and-revert protection, never accepts a worse `tessl skill review` score, and stops when no candidate change improves both the score and the structural quality. Triggers for `/optimize-skill PATH`, "make this skill better", "iterate on this SKILL.md", "improve this skill's tessl score".

Expert in asynchronous programming patterns across languages (Python asyncio, JavaScript/TypeScript promises, C# async/await, Rust futures). Use for concurrent programming, event loops, async patterns, error handling, backpressure, cancellation, and performance optimization in async systems.

Writing conventions for scannable, token-efficient skills and prompts. Use when creating or reviewing SKILL.md files, AGENTS.md files, or any markdown-based agent instruction documents.

Discover APIs published in an API Experience Hub portal as a portal consumer. Use when an end user needs to browse the catalog, search assets by keyword or filter, open an API's detail page, read its terms and conditions, or fetch rendered documentation pages and resources.

Perform structured reconnaissance and attack surface enumeration for authorized penetration tests, CTF challenges, and bug bounty programs. Use when the user mentions 'recon,' 'reconnaissance,' 'enumerate,' 'attack surface,' 'subdomain enumeration,' 'port scan,' 'fingerprint,' 'asset discovery,' or needs to map a target's external footprint.

Techniques for patching code to overcome fuzzing obstacles. Use when checksums, global state, or other barriers block fuzzer progress.

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

Provides expertise for analyzing DWARF debug files and understanding the DWARF debug format/standard (v3-v5). Triggers when understanding DWARF information, interacting with DWARF files, answering DWARF-related questions, or working with code that parses DWARF data.

Use when bumping Meteor package versions for beta, RC, or official releases. Covers the two version schemes (meteor-tool vs all other packages), the update-semver automation tool, manual files the tool does not handle, and the full lifecycle from beta through official release. Applies to packages/*/package.js, scripts/admin/, npm-packages/meteor-installer/, and .meteor/versions in test apps.

Use when creating, updating, or maintaining AI documentation files (AGENTS.md, CLAUDE.md, skills). Covers file structure, conventions, and guidelines for evolving AI context.

Use for writing, reviewing, editing, or generating Meteor release changelog entries. Defines canonical file locations, naming rules, required section structure, formatting conventions, PR-based generation workflow (with gh CLI and web fallback), incremental updates, and common entry patterns. Applies to files under v3-docs/docs/generators/changelog/versions/.

Scan a repository's GitHub Actions workflows for insecure patterns and vulnerable third-party action versions using Endor Labs. Use when the user says "scan GitHub Actions", "workflow security", "endor ghactions", "insecure CI workflow", "vulnerable action version", "harden my GHA workflows", or focuses on `.github/workflows` without asking for a full dependency or secrets scan. Do NOT use for combined supply chain reports (/endor-supply-chain), generic quick scans (/endor-scan), adding Endor to pipelines (/endor-cicd), or dependency-only checks (/endor-check).

Assess supply chain risk for your repository by scanning dependencies, secrets, and GitHub Actions workflows using Endor Labs. Use when the user says "supply chain risk", "supply chain assessment", "assess my supply chain", "endor supply chain", "third-party risk", "software supply chain", or wants a combined view of dependency vulnerabilities, leaked secrets, and CI/CD pipeline risks. Do NOT use for GitHub Actions workflows only (/endor-ghactions), code-level SAST scanning (/endor-sast), single package checks (/endor-check), or full reachability analysis (/endor-scan-full).

Scan for exposed secrets, credentials, API keys, and sensitive data in your codebase. Use when the user says "find secrets", "scan for API keys", "exposed credentials", "endor secrets", "check for hardcoded passwords", pre-commit / staged-only secret checks, or suspects leaked tokens in code. Detects AWS keys, GitHub tokens, Stripe keys, private keys, and more. Do NOT use for code vulnerability scanning (/endor-sast) or dependency checks (/endor-sca).

Remediate security vulnerabilities by finding safe upgrade paths. Use when the user says "fix this vulnerability", "how do I fix CVE-XXXX", "remediate this finding", "patch this vuln", "endor fix", or wants step-by-step fix instructions for a specific CVE, finding, or vulnerable package. Can apply fixes automatically. Do NOT use for general scanning (/endor-scan) or just viewing vulnerability info (/endor-explain).

Onboarding wizard for Endor Labs. Guides users through prerequisites, MCP server configuration, authentication, namespace setup, and running their first scan. Use when the user says "endor setup", "configure endor", "endor auth", "set up endor", "install endor", "endor onboarding", or when any MCP tool fails with an auth or namespace error. Do NOT use when the user already has a working setup — route to specific skills instead.

Comprehensive security scan with full reachability analysis. Builds call graphs to determine which vulnerabilities are actually exploitable in your code. Use when the user says "full scan", "deep scan", "reachability scan", "which vulns are actually reachable", "endor scan full", or before a release. Takes 2-5 minutes. Do NOT use for quick daily scans (/endor-scan) or checking individual packages (/endor-check).