Skill catalog
83 canonical skills. Every one documented.
Each skill has a defined purpose, trigger phrases, dependencies, and category.
Security Audit
Audit: Scans for auth gaps, hardcoded secrets, missing RLS, XSS, CSRF, unprotected routes, exposed env vars.
Code Review
Audit: Enterprise code review on recent changes or GitHub PRs. Checks standards, anti-patterns, error handling, type safety.
API Contract Check
Audit: Verifies API routes for auth, error handling, response shape, HTTP status codes, input validation.
Dependency Audit
Audit: Audits dependencies for vulnerabilities, outdated packages, license issues, unused deps.
Pre-Deploy Check
Audit: Pre-deployment verification — types, lint, tests, env vars, migrations, build, git state.
Full Stack Audit
Audit: Runs ALL enterprise audit skills in sequence — security, code review, API contracts, dependency audit, pre-deploy, testing verification.
Performance Audit
Audit: Scans for performance anti-patterns, slow queries, bundle size issues, memory leaks, unnecessary re-renders.
Accessibility Audit
Audit: Scans for WCAG 2.1 AA compliance — alt text, ARIA roles, keyboard navigation, color contrast, focus management.
RAG Audit
Audit: Audits RAG systems for compliance with retrieval governance. Checks retrieval order, prompt hardening, injection defense, context firewall, metadata provenance, hybrid retrieval, and code generation grounding.
Agentic Audit
Audit: Audits agentic AI systems for compliance with agent governance. Checks capability declarations, scope boundaries, planning governance, delegation chains, stop conditions, and verification protocol.
Alignment Audit
Audit: Audits model fine-tuning and alignment pipelines. Checks dataset governance, sanitization, evaluation metrics, drift prevention, version control, and audit trail.
Compliance Mapper
Audit: Maps codebase against regulatory compliance frameworks (SOC 2, HIPAA, GDPR). Generates compliance matrices and gap reports.
Anti-Hallucination Agent
Audit: Deep anti-hallucination verification aligned with Anthropic and OpenAI best practices. Cross-reference validation, code grounding checks, capability claim verification, RAG grounding, and refactor integrity analysis. Three-layer enforcement: baseline governance, code generation guards, and on-demand deep audit.
Blast Radius Predictor
Audit: Predicts the impact of a proposed code change using static dependency analysis, test coverage overlay, git history, and deployment topology.
Test Gap Analyzer
Audit: Analyzes test quality beyond coverage numbers — assertion strength, mock depth, branch path coverage, edge case gaps, and business-critical code protection.
Knowledge Decay Detector
Audit: Detects stale, wrong, or misleading documentation by cross-referencing docs against current code.
Codebase Archaeology
Audit: Reconstructs the history and rationale behind code decisions using git history, documentation cross-references, and staleness analysis.
Threat Modeling Agent
Audit: Enterprise threat modeling using STRIDE, DREAD, and attack trees. Identifies threats against architecture, data flows, trust boundaries, and entry points. Generates threat matrices and mitigation plans.
Security Hardening Agent
Audit: Audits and remediates infrastructure, application, and network security. Covers OWASP Top 10, CIS Benchmarks, HTTP headers, TLS, CORS, CSP, container security, IAM, supply chain, and zero-trust assessment.
SOX Compliance Agent
Audit: Sarbanes-Oxley compliance and financial security agent. Audits financial data handling, access controls, audit trails, change management, segregation of duties. Covers SOX Section 302/404, COSO framework, and ITGC.
UX Heuristic Evaluator
Audit: Expert UX evaluation using Nielsen's 10 Heuristics, cognitive walkthroughs, information architecture audits, and form UX analysis. Severity-rated findings with actionable recommendations.
Design System Auditor
Audit: Verifies codebase adherence to design system specifications. Audits design tokens, component patterns, typography, color palette, spacing, and responsive behavior.