ing

测试和评估 LLM agent，包括行为测试、能力评估、可靠性指标和生产环境监控——即便是顶尖的 agent…

Design clear, accessible data visualizations with appropriate chart selection and styling.

SSTI playbook. Use when template expressions, server-side rendering, preview features, or templating engines may evaluate attacker-controlled content.

Strategic product leadership toolkit for Head of Product including OKR cascade generation, market analysis, vision setting, and team scaling. Use for strategic…

钉钉 AI 表格（多维表）操作技能。使用 mcporter CLI 连接钉钉官方新版 AI 表格 MCP server，基于 baseId / tableId / fieldId / recordId 体系执行 Base、Table、Field、Record 的查询与增删改。适用于创建 AI…

Use when building fintech apps. Keywords: fintech, trading, decimal, currency, financial, money, transaction, ledger, payment, exchange rate, precision,…

Expression Language injection playbook. Use when Java EL, SpEL, OGNL, or MVEL expressions may evaluate attacker-controlled input in Spring, Struts2, Confluence, or similar frameworks.

Use when building IoT apps. Keywords: IoT, Internet of Things, sensor, MQTT, device, edge computing, telemetry, actuator, smart home, gateway, protocol, 物联网,…

着陆页质量评估，用于付费广告活动。评估信息匹配度、页面速度、移动体验、信任信号、表单优化，以及…

对 Webflow 页面运行全面的无障碍审核（WCAG 2.1）——检查按钮、表单、链接、焦点状态、标题、键盘导航，并生成…

Generates professional, publisher-grade Game Design Documents (GDD) as polished .docx and .pdf files. Turns a game concept into a comprehensive 40-80 page document covering core gameplay loop, mechanics, UX flows, art direction, monetization strategy, technical requirements, and competitive analysis. Also generates companion pitch decks (.pptx) and one-page pitches. Use when users want to create a GDD, game pitch, game concept document, or game design specification.

Design UI pages in Subframe. Use when building new UI, iterating on existing UI, exploring design options, or to get a visual starting point to refine in the…

Help define company values and culture for a minimalist business. Use when someone is setting up their company culture, preparing to hire, or wanting to codify…

Format string exploitation playbook. Use when printf-family functions receive user-controlled format strings, enabling arbitrary stack reads (%p/%s), arbitrary memory writes (%n/%hn/%hhn), GOT/hook overwrites, and canary/libc/PIE leaks.

Three.js、3D 图形和交互式 3D 可视化专家

Tailwind CSS advanced design systems with design tokens and @theme configuration

Linux kernel exploitation playbook. Use when exploiting kernel vulnerabilities (UAF, OOB, race condition, type confusion) for privilege escalation via commit_creds, modprobe_path overwrite, or kernel ROP chains in CTF and real-world scenarios.

Computer vision engineering skill for object detection, image segmentation, and visual AI systems. Covers CNN and Vision Transformer architectures, YOLO/Faster…

HTTP Host header injection and routing abuse playbook. Use when the application trusts the Host header for generating URLs, routing requests, or access control — enabling password reset poisoning, web cache poisoning, SSRF via routing, and virtual host bypass.

Stack overflow and ROP playbook. Use when exploiting buffer overflows to hijack control flow via return address overwrite, ROP chains, ret2libc, ret2csu, ret2dlresolve, or SROP on Linux userland binaries.