Analyze detected vulnerabilities to assess realistic exploitability by examining control flow, input sources, sanitization logic, and execution context. Use when users need to: (1) Determine if a vulnerability is actually exploitable in practice, (2) Assess severity and impact of security issues, (3) Prioritize vulnerability remediation, (4) Understand attack vectors and exploitation conditions, (5) Generate exploitability reports with proof-of-concept scenarios. Focuses on injection vulnerabilities (SQL, command, XSS, path traversal, LDAP) with detailed analysis of reachability, controllability, sanitization, and impact.

Summarizes the complete lifecycle of a bug across code versions, tracking its introduction, detection, fixing attempts, and regression history. Use when users need to: (1) Understand how a bug evolved over time, (2) Trace when and how a bug was introduced, (3) Analyze fix attempts and their effectiveness, (4) Identify regression patterns, (5) Generate bug lifecycle reports for documentation or post-mortems. Takes a repository, bug identifier, and version history as input.

Build server-side call automation workflows including IVR systems, call routing, recording, and AI-powered interactions.

Patterns and techniques for adding governance, safety, and trust controls to AI agent systems. Use this skill when: - Building AI agents that call external tools (APIs, databases, file systems) - Implementing policy-based access controls for agent tool usage - Adding semantic intent classification to detect dangerous prompts - Creating trust scoring systems for multi-agent workflows - Building audit trails for agent actions and decisions - Enforcing rate limits, content filters, or tool restrictions on agents - Working with any agent framework (PydanticAI, CrewAI, OpenAI Agents, LangChain, AutoGen)

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

Cloudflare Workers observability with logging, Analytics Engine, Tail Workers, metrics, and alerting. Use for monitoring, debugging, tracing, or encountering log parsing, metric aggregation, alert configuration errors.

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.

Guide for creating Packmind packages via the CLI. This skill should be used when users want to create a new package to organize standards, commands, and skills for distribution.

Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.

Generate Terraform HCL code following HashiCorp's official style conventions and best practices. Use when writing, reviewing, or generating Terraform configurations.

Analyze and optimize React component performance issues (slow renders, re-render thrash, laggy lists, expensive computations). Use when asked to profile or improve a React component, reduce re-renders, or speed up UI updates in React apps.

Integrate Descope authentication into applications. Use when implementing login, signup, passwordless auth (OTP, Magic Link, Passkeys), OAuth, SSO, or MFA. Detects framework and provides targeted guidance.

Guides developers through standardized pull request creation workflow: auto-detects JIRA issue key(s) from the branch name, commits any uncommitted changes with the issue key(s) in the message, generates a descriptive PR title and body from the diff, and creates the pull request to a chosen target branch. Supports one or multiple JIRA keys (e.g. MBL-1327, POS-1123) and two modes — streamlined (auto-creates PR, default) and review (shows draft before creating). USE FOR: create PR, open pull request, make PR, submit PR, raise PR, create pull request, standardize PR workflow, PR with JIRA, commit and PR, push and create PR, create PR detailed, create PR full, create PR with review. DO NOT USE FOR: general git operations, branch creation, hotfix procedures unrelated to PR creation.

Meta Ads deep analysis covering Facebook and Instagram advertising. Evaluates 50 checks across Pixel/CAPI health, creative diversity and fatigue, account structure, and audience targeting. Includes Advantage+ assessment. Use when user says Meta Ads, Facebook Ads, Instagram Ads, Advantage+, or Meta campaign.

Web search and content extraction via Brave Search API. Use for searching documentation, facts, or any web content. Lightweight, no browser required.

Financial data from Yahoo Finance: stock/bond prices, credit analysis, macro dashboard, FX rates, ETF flows, fundamentals, and news. Use when the user asks about stock prices, bond yields, credit metrics, leverage ratios, debt/ebitda, interest coverage, macro indicators (VIX, DXY, treasury yields, oil, gold, BTC), LatAm FX (ARS, BRL, CLP, MXN, COP), ETF holdings, income statements, balance sheets, cash flow, financial news, options chains, dividend history, or analyst ratings/upgrades. Commands: yf price, yf quote, yf compare, yf credit, yf macro, yf fx, yf flows, yf history, yf fundamentals, yf news, yf search, yf options, yf dividends, yf ratings.

Use when processing incoming emails with Postmark inbound webhooks — building reply-by-email, email-to-ticket, document extraction, or any workflow that receives and parses email.