github.com/santosomar/general-secure-coding-agent-skills
| Skill | Added | Review |
|---|---|---|
| `java-regression-test-generator` Generates JUnit regression tests that lock in current behavior before a refactor, capturing observed outputs as assertions so that any behavioral change trips a test. Use before large refactors, when inheriting untested legacy Java, or when the spec is "whatever it does now." | 97; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `technical-debt-analyzer` Analyzes a codebase to quantify and locate technical debt — where it lives, what it costs, and what order to pay it down in. Use when planning a refactoring sprint, when justifying engineering time to stakeholders, when the user asks where the codebase hurts most, or when onboarding to a legacy system. | 100; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `smart-mutation-operator-generator` Generates domain-specific mutation operators beyond the standard arithmetic/relational set — mutations tailored to your codebase's idioms, APIs, and bug history that standard tools don't try. Use when generic mutation testing plateaus, when your domain has specific failure modes, or when mining bug history reveals patterns standard operators miss. | 90; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `invariant-inference` Infers likely loop invariants and function contracts by observing execution traces, synthesizing candidates, and checking them inductively. Use when a verifier rejects a loop because the invariant is missing or too weak, when a Daikon-style tool is needed, or before translating code to a verification language. | 97; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `metamorphic-test-generator` Generates metamorphic tests — tests that check relationships between multiple runs instead of checking exact outputs, useful when the correct output is unknown or expensive to compute. Use when there's no oracle, when testing ML/numerical/search code, or when the spec describes properties rather than values. | 94; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `ambiguity-detector` Detects ambiguity in natural-language requirements — weak words, dangling references, underspecified quantities, conflicting interpretations — before they become implementation bugs. Use when reviewing requirements, when a spec uses words like "appropriate" or "fast", or when two engineers read the same requirement and built different things. | 100; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `verified-pseudocode-extractor` Extracts human-readable pseudocode from a verified formal artifact (Dafny, Lean, TLA+) while preserving the verified properties as annotations, so the proof-carrying logic can be reimplemented in a production language. Use when porting verified code to an unverified target, when documenting what a formal spec actually does, or when handing a verified algorithm to an implementer. | 90; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `tlaplus-guided-code-repair` TLA+-specific instance of model-guided repair — reads a TLC error trace, identifies the enabling condition that should have been false, strengthens the corresponding action, and maps the fix to source code. Use when TLC reports an invariant violation or deadlock and you have the code-to-TLA+ mapping from extraction. | 90; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `smv-model-extractor` Extracts an SMV (NuSMV/nuXmv) finite-state model from code or state-machine descriptions, for CTL/LTL model checking of reactive systems. Use when verifying hardware-adjacent or embedded logic, when the state space is naturally finite and small, or when CTL branching-time properties are needed. | 89; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `config-consistency-checker` Detects inconsistencies across configuration files, environments, and deployment manifests — missing keys, drifted values, type mismatches. Use when debugging why staging behaves differently from production, before a deploy to catch config drift, or when auditing multi-environment configs. | 100; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `code-comment-generator` Generates code comments that explain non-obvious intent, constraints, and tradeoffs — not what the code already says. Use when code is correct but opaque, when documenting for future maintainers, or when a function's why is harder to see than its what. | 94; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `unit-test-generator` Generates unit tests for a function or class by analyzing branches, boundaries, and error paths — then emits test code in the project's existing framework and style. Covers happy path, edge cases, and failure modes with mocks for external dependencies. Use when writing tests for new code, when backfilling coverage on untested functions, when the user asks to generate tests, or when a coverage report shows specific gaps. | 97; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `code-pattern-extractor` Identifies recurring structural patterns in a codebase — idioms, copy-paste clones, homegrown abstractions — and characterizes each as a reusable template. Use when learning a codebase's conventions, when hunting for copy-paste that should be a function, or when documenting how this team does things. | 100; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `python-test-updater` Updates broken pytest tests after intentional code changes — triaging assertion failures from mock-coupling failures from genuine regressions, using Python's introspection to automate where safe. Use when a refactor or API change leaves a pile of failing tests and you need to decide update vs. fix vs. delete. | 97; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `test-guided-bug-detector` Uses failing test results as signals to guide bug search and narrow down candidate fault locations. Use when one or more tests are failing and the user wants to understand what's broken, when CI reports failures, or when triaging a batch of test failures after a change. | 93; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `configuration-generator` Generates configuration files for services and tools (app config, logging config, linter config, database config) from a brief description of desired behavior, matching the target format's idioms. Use when bootstrapping a new service, when the user asks for a config file for a specific tool, or when translating config intent between formats. | 97; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `test-case-reducer` Shrinks a failing test input to its minimal form while preserving the failure — delta debugging and structured shrinking to find the smallest input that still triggers the bug. Use when a fuzzer or property test finds a failure with a huge input, when a bug report has an unwieldy reproduction, or when you need a minimal test case for a regression suite. | 100; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `bug-reproduction-test-generator` Creates minimal, reproducible test cases from bug reports to confirm the defect before and after a fix. Use when a bug is reported without a failing test, when the user needs a regression test for a fix, or when the user asks to reproduce a bug as a test. | 100; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `api-design-assistant` Reviews and designs API contracts — function signatures, REST endpoints, library interfaces — for usability, evolvability, and the principle of least surprise. Use when designing a new public interface, when reviewing an API PR, when the user asks whether a signature is well-designed, or when planning a breaking change. | 100; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `spring-mvc-to-boot-migrator` Migrates a Spring MVC application to Spring Boot, converting XML config to auto-configuration, restructuring the project, and replacing container deployment with embedded. Use when modernizing a legacy Spring app, when moving off a standalone servlet container, or when the user has web.xml and wants application.yml. | 97; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `pseudocode-to-java-code` Translates pseudocode into idiomatic Java, inferring types, choosing collection classes, and handling exceptions per Java conventions. Use when implementing an algorithm from a paper or spec, when the user hands you pseudocode and wants Java, or when realizing a verified-pseudocode artifact. | 100; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `code-review-assistant` Performs structured code review on a diff or file set, producing inline comments with severity levels and a summary. Checks correctness, error handling, security, and maintainability — in that priority order. Use when reviewing a pull request, when the user asks for a code review, when preparing code for merge, or when a second opinion is needed on a change. | 100; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `component-boundary-identifier` Identifies natural component boundaries inside a monolith by clustering the dependency graph, finding the cuts with minimum coupling. Use when planning to modularize or extract microservices, when deciding what can be deployed independently, or when the user asks where the seams in this codebase are. | 100; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `java-test-updater` Updates broken JUnit tests after a deliberate code change — distinguishing tests that broke because the behavior changed (update assertion) from tests that broke because they were overcoupled to structure (loosen or delete). Use after API changes, refactors, or intentional behavior changes leave a trail of failing tests. | 97; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |
| `legacy-code-summarizer` Summarizes undocumented legacy code by inferring intent from structure, naming, data flow, and calling context — explicitly flagging what's inferred vs. what's certain. Use when onboarding to inherited code, when documentation is missing or wrong, or when deciding whether legacy code is safe to change. | 100; Impact: Pending (no eval scenarios have been run); Security: Passed (no known issues); Reviewed: Version: 47d56bb | |