Run Azure compliance and security audits with azqr plus Key Vault expiration checks. Covers best-practice assessment, resource review, policy/compliance validation, and security posture checks. WHEN: compliance scan, security audit, BEFORE running azqr (compliance cli tool), Azure best practices, Key Vault expiration check, expired certificates, expiring secrets, orphaned resources, compliance assessment.

Senior React Native and Expo engineer for building production-ready cross-platform mobile apps. Use when building React Native components, implementing navigation with Expo Router, optimizing list and scroll performance, working with animations via Reanimated, handling platform-specific code (iOS/Android), integrating native modules, or structuring Expo projects. Triggers on React Native, Expo, mobile app, iOS app, Android app, cross-platform, native module, FlatList, FlashList, LegendList, Reanimated, Expo Router, mobile performance, app store. Do NOT use for Flutter, web-only React, or backend Node.js tasks.

Configure, explore, and optimize Nx monorepo workspaces. Use when setting up Nx, exploring workspace structure, configuring project boundaries, analyzing affected projects, optimizing build caching, or implementing CI/CD with affected commands. Keywords — nx, monorepo, workspace, projects, targets, affected. Do NOT use for running tasks (use nx-run-tasks) or code generation with generators (use nx-generate).

Expert AWS Cloud Advisor for architecture design, security review, and implementation guidance. Leverages AWS MCP tools for accurate, documentation-backed answers. Use when user asks about AWS architecture, security, service selection, migrations, troubleshooting, or learning AWS. Triggers on AWS, Lambda, S3, EC2, ECS, EKS, DynamoDB, RDS, CloudFormation, CDK, Terraform, Serverless, SAM, IAM, VPC, API Gateway, or any AWS service. Do NOT use for non-AWS cloud providers or general infrastructure without AWS context.

Guidance for creating Blazor components that emulate ASP.NET Web Forms controls. Use this when implementing new components or extending existing ones in the BlazorWebFormsComponents library.

Three.js textures - texture types, UV mapping, environment maps, texture settings. Use when working with images, UV coordinates, cubemaps, HDR environments, or texture optimization.

Three.js asset loading - GLTF, textures, images, models, async patterns. Use when loading 3D models, textures, HDR environments, or managing loading progress.

Extracts an SMV (NuSMV/nuXmv) finite-state model from code or state-machine descriptions, for CTL/LTL model checking of reactive systems. Use when verifying hardware-adjacent or embedded logic, when the state space is naturally finite and small, or when CTL branching-time properties are needed.

Scans source code for security vulnerabilities by applying Project CodeGuard rules — injection, unsafe deserialization, XSS, path traversal, broken access control. Use when performing a security audit, when reviewing a PR that touches request handlers or database queries, when the user asks for a vulnerability scan, or when wiring security checks into CI.

Matches code against Project CodeGuard's catalog of known-dangerous patterns — banned C functions, weak crypto primitives, hardcoded credentials, deprecated APIs. Use when grepping for low-hanging security fruit, when enforcing a ban-list in CI, or when the user asks to check for known-bad patterns.

Configures and runs LLM evaluation using Promptfoo framework. Use when setting up prompt testing, creating evaluation configs (promptfooconfig.yaml), writing Python custom assertions, implementing llm-rubric for LLM-as-judge, or managing few-shot examples in prompts. Triggers on keywords like "promptfoo", "eval", "LLM evaluation", "prompt testing", or "model comparison".

This skill should be used when the user says "review PR", "review pull request", "check PR comments", "review PR feedback", "review PR 123", "analyze PR comments", "validate PR review", "address PR feedback", "fix PR issues", "what did the reviewer say", "review Bitbucket PR", or wants to validate GitHub or Bitbucket PR review comments, categorize findings, and optionally connect back into the Arness pipeline for fixes. Do NOT use this for creating PRs (use arn-code-ship) or reviewing implementation quality (use arn-code-review-implementation).

This skill should be used when the user says "naming", "brand name", "name my product", "find a name", "product naming", "brand naming", "what should I call it", "name ideas", "pick a name", "naming session", "help me name this", "brainstorm names", "come up with a name", "arn spark naming", "arn-spark-naming", or wants to find a brand name for their product through strategic analysis, creative generation, qualitative scoring, and due diligence including domain availability and trademark screening.

This skill should be used when the user says "batch implement", "implement all", "batch execution", "implement all features", "parallel implement", "implement in parallel", "arness batch implement", "arn-code-batch-implement", "run batch implementation", "implement everything", "launch batch workers", or wants to spawn parallel worktree-isolated background agents to implement multiple pending features simultaneously. Each worker runs as a full independent session with all tools. This skill requires pending plans in .arness/plans/ — run arn-code-batch-planning first if none exist.

Guides the creation of detailed agile feature documentation from an existing epic. Use when the user wants to split an epic into feature files, derive features with scope and acceptance criteria, or plan feature documentation for stakeholders or engineering. This should trigger for requests such as Create features from an epic; Split epic into features; Feature files from epic; Derive features from epic. Part of cursor-rules-java project

IBM quantum computing framework. Use when targeting IBM Quantum hardware, working with Qiskit Runtime for production workloads, or needing IBM optimization tools. Best for IBM hardware execution, quantum error mitigation, and enterprise quantum computing. For Google hardware use cirq; for gradient-based quantum ML use pennylane; for open quantum system simulations use qutip.

Create research posters using HTML/CSS that can be exported to PDF or PPTX. Use this skill ONLY when the user explicitly requests PowerPoint/PPTX poster format. For standard research posters, use latex-posters instead. This skill provides modern web-based poster design with responsive layouts and easy visual integration.

Design effective KPI dashboards with metrics selection, visualization best practices, and real-time monitoring patterns. Use this skill when building an executive SaaS metrics dashboard tracking MRR, churn, and LTV/CAC ratios; designing an operations center with live service health and request throughput; creating a cohort retention analysis view for a product team; or debugging a dashboard where metrics contradict each other due to inconsistent calculation methodology.

Search and monitor social media using X/Twitter (via Grok) and Reddit APIs. USE FOR: - Searching X/Twitter posts by keywords or hashtags - Finding X/Twitter users by criteria - Getting a user's recent posts - Searching Reddit posts and discussions - Getting comments from Reddit threads - Social media monitoring and research TRIGGERS: - "twitter", "X", "tweets", "posts on X" - "reddit", "subreddit", "reddit discussion" - "what are people saying", "social media", "sentiment" - "trending", "viral", "popular posts" - "user's posts", "timeline", "recent activity" Use `npx agentcash fetch` for Grok (X) and Reddit endpoints. All endpoints are $0.02 per call. IMPORTANT: Use exact endpoint paths from the Quick Reference table below.