全部能力

This skill ensures all code follows security best practices and identifies potential vulnerabilities. Use when implementing authentication or authorization,…

Review a pull request diff and write structured feedback to review.json for the workflow to publish. Use when reviewing a checked-out PR from local artifacts…

通过在此仓库中生成、编辑或完善 SKILL.md 文件来创建或更新技能。适用于编写新技能或修改结构……

Comprehensive checklist for conducting thorough code reviews covering functionality, security, performance, and maintainability

INVOKE THIS SKILL for LLM-as-judge evaluation workflows on Arize: creating/updating evaluators, running evaluations on spans or experiments, tasks,…

Creates and manages annotation configs (categorical, continuous, freeform label schemas) and annotation queues (human review workflows) on Arize. Applies human…

INVOKE THIS SKILL when downloading, exporting, or inspecting Arize traces and spans, or when a user wants to look at what their LLM app is doing using existing…

Prepare and publish GitHub releases. Sanitizes code for public release (secrets scan, personal artifacts, LICENSE/README validation), creates version tags, and…

Salesforce Industries Common Core (OmniStudio/Vlocity) Apex callable generation and review with 120-point scoring. TRIGGER when: user creates or reviews System.Callable classes, migrates `VlocityOpenInterface` / `VlocityOpenInterface2`, or builds Industries callable extensions used by OmniStudio, Integration Procedures, or DataRaptors. DO NOT TRIGGER when: generic Apex classes/triggers (use sf-apex), building Integration Procedures (use sf-industry-commoncore-integration-procedure), authoring OmniScripts (use sf-industry-commoncore-omniscript), configuring Data Mappers (use sf-industry-commoncore-datamapper), or analyzing namespace/dependency issues (use sf-industry-commoncore-omnistudio-analyze).

Generative Engine Optimization for AI search engines (ChatGPT, Claude, Perplexity).

根据 OWASP Agentic Security Initiative (ASI) Top 10 风险检查任意 AI agent 代码库。在以下场景使用此技能： - 生产部署前评估 agent 系统安全态势 - 针对 OWASP ASI 2026 标准运行合规检查 - 将现有安全控制映射到 10 项 agentic 风险 - 生成安全审查或审计用的合规报告 - 对比 agent 框架安全特性与标准差异 - 处理类似"我的 agent 是否符合 OWASP 标准"、"检查 ASI 合规性"或"agentic 安全审计"的请求

MANDATORY: Run appropriate validation tools after EVERY code change. Do not finish a task until the code is error-free.

基于 NVIDIA garak 构建的 AI 模型安全扫描器，通过 179 个安全探针对 35 个漏洞家族测试 LLM

Expert skill for building, customizing, and embedding the FlipOff split-flap display emulator — a free, offline-capable web app that turns any browser/TV into…

Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks.

Resolves unresolved GitHub PR review threads end-to-end: evaluates whether each review comment is correct, applies a targeted fix when valid, replies with…

验证 AI 智能体插件、工具和依赖项的供应链完整性。在以下场景使用此技能： - 为智能体插件或工具包生成 SHA-256 完整性清单 - 验证已安装插件与其发布的清单是否匹配 - 检测智能体工具目录中被篡改、修改或未跟踪的文件 - 审计智能体组件的依赖固定和版本策略 - 为智能体插件推广构建来源链（开发 → 预发布 → 生产） - 任何类似"验证插件完整性"、"生成清单"、"检查供应链"或"签名此插件"的请求

Diagnose and audit SEO issues affecting crawlability, indexation, rankings, and organic performance.

Audit MCP (Model Context Protocol) server configurations for security issues. Use this skill when: - Reviewing .mcp.json files for security risks - Checking MCP server args for hardcoded secrets or shell injection patterns - Validating that MCP servers use pinned versions (not @latest) - Detecting unpinned dependencies in MCP server configurations - Auditing which MCP servers a project registers and whether they're on an approved list - Checking for environment variable usage vs. hardcoded credentials in MCP configs - Any request like "is my MCP config secure?", "audit my MCP servers", or "check .mcp.json" keywords: [mcp, security, audit, secrets, shell-injection, supply-chain, governance]

Use when the user asks how code works, wants to understand architecture, trace execution flows, or explore unfamiliar parts of the codebase. Examples: \"How…