全部能力

MUST be used whenever fixing security issues in a Flows app, or before shipping any feature that handles credentials, user input, or external data. This skill…

Deep architectural audit focused on finding dead code, duplicated functionality, architectural anti-patterns, type confusion, and code smells. Use when user…

Google Calendar 集成。管理通信数据、记录和工作流。当用户需要与 Google Calendar 数据交互时使用。

CRM-lite for managing GEO agency prospects and clients. Track leads through the full sales pipeline: Lead → Qualified → Proposal Sent → Won → Lost. Store audit history, notes, deal values, and generate pipeline summaries. Use when user says "prospect", "lead", "client", "pipeline", "crm", "nuovo prospect", "aggiungi cliente", or when managing the business side of GEO services.

Security audit for LLM and GenAI applications using OWASP Top 10 for LLM Apps 2025. Assess prompt injection, data leakage, supply chain, and 7 more critical…

Query and analyze business data in NocoBase via MCP. Use when users want current counts, grouped breakdowns, owner/source distributions, or business summaries…

Monthly delta tracking and progress reporting for GEO clients. Compares two GEO audits (baseline vs. current), calculates score improvements across all categories, tracks action item completion, and generates a "here's your progress" client report. Use when user says "compare", "delta", "monthly report", "progress", "confronta", "progressi", "report mensile", or when running a monthly client check-in.

SAP S4 HANA integration. Manage Organizations, Persons, Leads, Deals, Activities, Notes and more. Use when the user wants to interact with SAP S4 HANA data.

Analyze Supabase authentication configuration for security weaknesses and misconfigurations.

Microsoft Teams integration. Manage communication data, records, and workflows. Use when the user wants to interact with Microsoft Teams data.

Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security…

Security review and guidance for iOS, macOS, and watchOS apps. Covers secure storage, biometric authentication, network security, and platform-specific…

构建灵活的 API 过滤与排序系统，支持查询参数解析、验证与安全防护。适用于实现搜索端点、构建数据…

Build Python APIs with FastAPI, Pydantic v2, and SQLAlchemy 2.0 async. Covers project structure, JWT auth, validation, and database integration with uv package manager. Prevents 7 documented errors. Use when: creating Python APIs, implementing JWT auth, or troubleshooting 422 validation, CORS, async blocking, form data, background tasks, or OpenAPI schema errors.

ALWAYS `render inertia: { key: data }` to pass data as props — instance variables are NOT auto-passed (only alba-inertia does that). Rails controller patterns for Inertia.js: render inertia, prop types (defer, optional, merge, scroll), shared data, flash, PRG redirects, validation errors. Use when writing controllers that load data, display records, or serve Inertia responses. CRITICAL: external URLs (Stripe/OAuth) MUST use inertia_location, NEVER redirect_to.

Orchestration hub for Microsoft Graph API across Microsoft 365 services. Use for Graph API integrations, querying Microsoft 365 data, and building applications…

Airtable 集成。管理项目管理数据、记录和工作流。当用户需要与 Airtable 数据交互时使用。

Analyze spending patterns and find savings. 50/30/20 rule, subscription audit, debt payoff strategies, emergency fund roadmap.

Test Supabase Realtime WebSocket channels for unauthorized subscriptions and data exposure.

Analyzes positive customer reviews to surface deep customer insights for ad copy. Use this whenever a user provides customer reviews and wants to understand…