aleister1102
@aleister1102
Public Skills
issue-triage
by aleister1102
Use when triaging GitHub security issues — fetch issues by number or range, classify as false positive or true positive, assess bypass potential, and then label and close each issue with a brief comment. Triggers on "validate issue N", "triage issues 189-199", "check if issue is exploitable", "close false positive issues".
security-agent-efficiency
by aleister1102
Use when running a full security audit of an arbitrary source code repository. Orchestrates a 9-phase workflow combining advisory intelligence, patch bypass analysis, knowledge base construction, SAST, spec gap analysis, deep bug hunting, false positive elimination, and variant analysis. Triggers on "audit this repo", "run a full security audit", "find vulnerabilities in this codebase", "check for security issues", "is this secure?", "run the security agents", or any request combining advisory regression, SAST, and manual review.
agents-md-generator
by aleister1102
Create or update minimal AGENTS.md files in the repository root and nested module directories using progressive disclosure. Works across heterogeneous projects without assuming any fixed agent folder structure.
executing-plans
by aleister1102
Use when you have a written implementation plan to execute in a separate session with review checkpoints
git-cleanup
by aleister1102
"Safely analyzes and cleans up local git branches and worktrees by categorizing them as merged, squash-merged, superseded, or active work."
agents-md
by aleister1102
This skill should be used when the user asks to "create AGENTS.md", "update AGENTS.md", "maintain agent docs", "set up CLAUDE.md", or needs to keep agent instructions concise. Enforces research-backed best practices for minimal, high-signal agent documentation.
create-readme
by aleister1102
"Create a README.md file for the project"
semgrep
by aleister1102
Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security vulnerabilities). Automatically detects and uses Semgrep Pro for cross-file taint analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases.
ffuf-web-fuzzing
by aleister1102
Expert guidance for ffuf web fuzzing during penetration testing, including authenticated fuzzing with raw requests, auto-calibration, and result analysis
prompt-builder
by aleister1102
"Guide users through creating high-quality GitHub Copilot prompts with proper structure, tools, and best practices."
agent-md-refactor
by aleister1102
Refactor bloated AGENTS.md, CLAUDE.md, or similar agent instruction files to follow progressive disclosure principles. Splits monolithic files into organized, linked documentation.
brainstorming
by aleister1102
"You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation."
test-driven-development
by aleister1102
Use when implementing any feature or bugfix, before writing implementation code
prompt-optimizer
by aleister1102
Transform vague prompts into precise, well-structured specifications using EARS (Easy Approach to Requirements Syntax) methodology. This skill should be used when users provide loose requirements, ambiguous feature descriptions, or need to enhance prompts for AI-generated code, products, or documents. Triggers include requests to "optimize my prompt", "improve this requirement", "make this more specific", or when raw requirements lack detail and structure.
git-commit
by aleister1102
'Execute git commit with conventional commit message analysis, intelligent staging, and message generation. Use when user asks to commit changes, create a git commit, or mentions "/commit". Supports: (1) Auto-detecting type and scope from changes, (2) Generating conventional commit messages from diff, (3) Interactive commit with optional type/scope/description overrides, (4) Intelligent file staging for logical grouping'
fp-check
by aleister1102
"Systematically verifies suspected security bugs to eliminate false positives. Produces TRUE POSITIVE or FALSE POSITIVE verdicts with documented evidence for each bug."
create-specification
by aleister1102
"Create a new specification file for the solution, optimized for Generative AI consumption."
code-reviewer
by aleister1102
Use this skill to review code. It supports both local changes (staged or working tree)
i18n-expert
by aleister1102
This skill should be used when setting up, auditing, or enforcing internationalization/localization in UI codebases (React/TS, i18next or similar, JSON locales), including installing/configuring the i18n framework, replacing hard-coded strings, ensuring en-US/zh-CN coverage, mapping error codes to localized messages, and validating key parity, pluralization, and formatting.
update-specification
by aleister1102
"Update an existing specification file for the solution, optimized for Generative AI consumption based on new requirements or updates to any existing code."
gh-address-comments
by aleister1102
Help address review/issue comments on the open GitHub PR for the current branch using gh CLI; verify gh auth first and prompt the user to authenticate if not logged in.
sharp-edges
by aleister1102
"Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration schemas, cryptographic library ergonomics, or evaluating whether code follows 'secure by default' and 'pit of success' principles. Triggers: footgun, misuse-resistant, secure defaults, API usability, dangerous configuration."
docs-cleaner
by aleister1102
Dedupe and consolidate redundant docs (multiple sources of truth, overlapping guides, or docs over 500 lines). Use when merging/splitting to a canonical doc. Do not use for typo-only edits, code-driven doc updates (run update-docs first), or when archives must be preserved without change.
agentic-actions-auditor
by aleister1102
"Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled input reaches AI agents running in CI/CD pipelines, including env var intermediary patterns, direct expression injection, dangerous sandbox configurations, and wildcard user allowlists. Use when reviewing workflow files that invoke AI coding agents, auditing CI/CD pipeline security for prompt injection risks, or evaluating agentic action configurations."
codeql
by aleister1102
Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality suite) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.
variant-analysis
by aleister1102
Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.
sarif-parsing
by aleister1102
Parses and processes SARIF files from static analysis tools like CodeQL, Semgrep, or other scanners. Triggers on "parse sarif", "read scan results", "aggregate findings", "deduplicate alerts", or "process sarif output". Handles filtering, deduplication, format conversion, and CI/CD integration of SARIF data. Does NOT run scans — use the Semgrep or CodeQL skills for that.
walkthrough
by aleister1102
Generates a self-contained HTML file with an interactive, clickable Mermaid diagram (flowchart or ER diagram) that explains how a codebase feature, flow, architecture, or database schema works. Designed for fast onboarding — each walkthrough is a visual mental model readable in under 2 minutes. Use when asked to walkthrough, explain a flow, trace a code path, show how something works, explain the architecture, visualize a database schema, or explore a data model.
skill-creator
by aleister1102
Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, update or optimize an existing skill, run evals to test a skill, benchmark skill performance with variance analysis, or optimize a skill's description for better triggering accuracy.
spec-to-code-compliance
by aleister1102
Verifies code implements exactly what documentation specifies for blockchain audits. Use when comparing code against whitepapers, finding gaps between specs and implementation, or performing compliance checks for protocol implementations.
tech-stack-evaluator
by aleister1102
Technology stack evaluation and comparison with TCO analysis, security assessment, and ecosystem health scoring. Use when comparing frameworks, evaluating technology stacks, calculating total cost of ownership, assessing migration paths, or analyzing ecosystem viability.
refactor
by aleister1102
Use when refactoring existing code to improve readability, maintainability, and structure (rename/extract/inline, reduce complexity, remove duplication, improve type safety) while preserving external behavior and public APIs.