ymd38
@ymd38
Public Skills
vulnerability-scan
by ymd38
Run an offensive security audit (OWASP-based) using Semgrep and produce a read-only vulnerability report. Use before committing code to detect Broken Access Control, Injection (SQL/NoSQL/OS/Template), Frontend Security issues (XSS/CSP/HSTS), SSRF, and hardcoded secrets or PII exposure. Triggers on requests like "security scan", "vulnerability check", "audit security", "find vulnerabilities", "/vulnerability-scan", or when asked for an offensive security review of the codebase. Does NOT modify any code — read-only inspection only.
software-evaluation
by ymd38
Evaluate code quality across five pillars (Architecture, Reliability, Observability, Security, DX) and produce a 1-10 scorecard with a strategic improvement roadmap. Use when you want a comprehensive quality review of a directory or module. Triggers on requests like "evaluate code quality", "review architecture", "score my code", "code audit", "/software.evaluation", or when asked for a quality assessment of a directory from a CTO or architect perspective.
spec-doc
by ymd38
Generate or sync a "Living Specification" (docs/spec.md) from source code to eliminate doc-code drift. Use when creating, updating, or reviewing architecture documentation for a directory or module. Triggers on requests like "generate spec", "create spec.md", "sync documentation", "update architecture docs", "/spec.doc", or when asked to document a codebase directory.