Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security vulnerabilities). Automatically detects and uses Semgrep Pro for cross-file taint analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases.

Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.

Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration schemas, cryptographic library ergonomics, or evaluating whether code follows 'secure by default' and 'pit of success' principles. Triggers: footgun, misuse-resistant, secure defaults, API usability, dangerous configuration.

Scans Cosmos SDK blockchain modules and CosmWasm contracts for consensus-critical vulnerabilities — chain halts, fund loss, state divergence. 25 core + 16 IBC + 10 EVM + 3 CosmWasm patterns. Use when auditing custom x/ modules, reviewing IBC integrations, or assessing pre-launch chain security. Updated for SDK v0.53.x.

Fix GitHub issues using gh CLI. Use when asked to fix, resolve, or address a GitHub issue. Creates fixes on separate branches, runs tests locally, and creates PRs when tests pass. Requires gh CLI authenticated and repo cloned locally.

Creates, configures, and updates Databricks Lakeflow Spark Declarative Pipelines (SDP/LDP) using serverless compute. Handles data ingestion with streaming tables, materialized views, CDC, SCD Type 2, and Auto Loader ingestion patterns. Use when building data pipelines, working with Delta Live Tables, ingesting streaming data, implementing change data capture, or when the user mentions SDP, LDP, DLT, Lakeflow pipelines, streaming tables, or bronze/silver/gold medallion architectures.

Creates complete AEM components with dialog, HTL template, Sling Model, unit tests, and clientlibs. Supports extending Core Components and project components. When a Figma design URL is provided, fetches the design via Figma MCP (get_design_context) and translates it into pixel-perfect HTL, CSS, and JS. Follows Adobe Experience League best practices for AEM Cloud Service and 6.5. Use this skill whenever the user mentions creating, building, generating, or scaffolding an AEM component, or mentions component types like teaser, card, hero, banner, accordion, tabs, carousel, list, navigation, breadcrumb, or any custom AEM component. Also trigger when the user wants to extend a Core Component, create a component dialog, add a Sling Model, or convert a Figma design into an AEM component.

Create or edit the Universal Editor component configuration (component-definition.json, component-models.json, component-filters.json) for AEM Edge Delivery Services blocks. Use this skill whenever the user mentions component models, component definitions, component filters, block configuration for the Universal Editor, UE block setup, adding a new block to UE, configuring block properties, block authoring fields, or any task involving the three JSON config files that control how blocks appear in the Universal Editor. Also trigger when the user wants to create a new EDS/Franklin block with UE support, modify block fields, add a block to the section filter, or asks about how blocks connect to the Universal Editor.

全エージェント（家老・足軽1-7・軍師）の稼働状態を一覧表示するスキル。tmux pane状態（稼働中/待機中/不在）とタスクYAML状態（task_id, status）と未読inbox数を統合表示。「稼働確認」「エージェント状態」「布陣確認」「agent status」で起動。

Use this skill to interactively debug Antithesis test runs using the multiverse debugger. Open a debugging-session URL, inspect container filesystems and runtime state, run shell commands, and extract evidence from inside the Antithesis environment. Supports both the simplified debugger (default) and the advanced notebook mode.

Explores a Spring Boot application and builds primary context: tech stack, module structure, domain entities, REST endpoints. Triggers on explicit requests: "explore project", "describe project", "project overview", "what is this project", "project structure", "tech stack", "give me context about the project", or whenever you need to understand the project before starting any task.

End-to-end GitHub repository maintenance for open-source projects. Use when asked to triage issues, review PRs, analyze contributor activity, generate maintenance reports, or maintain a repository. Triggers include "triage", "maintain", "review PRs", "analyze issues", "repo maintenance", "what needs attention", "open source maintenance", or any request to understand and act on GitHub issues/PRs. Supports human-in-the-loop workflows with persistent memory across sessions.

Generates, formats, and validates technical documentation — including docstrings, OpenAPI/Swagger specs, JSDoc annotations, doc portals, and user guides. Use when adding docstrings to functions or classes, creating API documentation, building documentation sites, or writing tutorials and user guides. Invoke for OpenAPI/Swagger specs, JSDoc, doc portals, getting started guides.

Diagnostic and repair workflow that analyzes error logs, traces root causes, implements fixes, and verifies with regression tests. Use when fixing bugs, debugging runtime errors or exceptions, investigating test failures or crashes, or submitting bug-fix pull requests. Activated by commands: /unattended, /assess, /diagnose, /reproduce, /fix, /test, /review, /document, /pr, /feedback, /start.

Create and present web-based slidedecks for developers using Slidev with Markdown, Vue components, code highlighting, animations, and interactive features. Use when building technical presentations, conference talks, code walkthroughs, teaching materials, or developer decks.

Up-to-date Microsoft Graph API knowledge for AI agents. Search 27,700+ Graph APIs, endpoint docs, resource schemas, and community samples — all locally, no network calls. Use when the agent needs to find, understand, or call Microsoft Graph endpoints.

Generates, formats, and validates technical documentation — including docstrings, OpenAPI/Swagger specs, JSDoc annotations, doc portals, and user guides. Use when adding docstrings to functions or classes, creating API documentation, building documentation sites, or writing tutorials and user guides. Invoke for OpenAPI/Swagger specs, JSDoc, doc portals, getting started guides.

Excel MCP Server skill for Windows workbook automation. Use when an assistant needs rich MCP tools to create, inspect, modify, format, or analyze Excel files. Supports Power Query (M), Data Model/DAX, PivotTables, Tables, Ranges, Charts, Slicers, formatting, screenshots, VBA macros, connections, and calculation mode. Triggers: Excel, spreadsheet, workbook, xlsx, xlsm, Power Query, DAX, PivotTable, chart, dashboard, VBA, MCP.

Excel CLI automation skill for Windows workbooks. Use when a coding agent needs token-efficient, scriptable, or unattended Excel automation via excelcli commands. Best for CI/CD, scheduled jobs, batch processing, PowerShell workflows, and bulk workbook edits. Supports Power Query, DAX, PivotTables, Tables, Ranges, Charts, VBA, Data Models, screenshots, and formatting. Triggers: excelcli, Excel CLI, command line, batch, script, automation, CI/CD, scheduled, PowerShell, unattended, coding agent, workbook processing.