JHostalek

Use when auditing and fixing security in a scope — injection (SQL, shell, template), auth/authz gaps, secrets in code or logs, weak crypto, missing validation at trust boundaries, XSS, SSRF, path traversal. Triggers on "audit security", "security review", "fix vulnerabilities", "OWASP check".

Use when the user needs a monthly work summary, time-tracking report, or commit-based activity recap.

Use when the goal is to reduce code size, remove unnecessary complexity, or simplify a module without removing user-facing behavior.

Use when auditing and fixing error handling in a scope — swallowed exceptions, defaults returned on error, optional chaining masking missing data, floating promises / missing awaits, entry points with no error boundary, resource leaks on error paths. Triggers on "audit error handling", "hunt silent failures", "fix swallowed errors", "check error boundaries", "missing await".

Use when cutting code in a folder that doesn't earn its keep — whether a solution is over-engineered, where maintenance cost can be reduced, or where a feature should be removed entirely.

Use when auditing and fixing performance hot paths in a scope — N+1 queries, overfetching, wasted recomputation, blocking hot paths, unbounded growth. Triggers on "audit performance", "fix slow paths", "check for N+1", "performance review".

Use when the user needs design exploration, multiple distinct solution directions, or tradeoff-driven options before implementation.

Use when the user wants a thorough audit of the existing test suite — aggressively cutting tests that exist just to exist, rewriting weak ones to actually catch the bugs they should, identifying production code that is uncovered or thinly covered, and adding tests where coverage would catch real defects. Trigger on "audit tests", "find test bloat", "tests don't catch anything", or similar requests

Use when the user wants an independent expert review of work done in this conversation before accepting or extending it.

Use when the user asks to create or update a pull request for the current branch.

Use when auditing comments, docstrings, or embedded documentation prose in a scope — to strip bloat and rewrite cluttered-but-justified entries. Triggers on "audit comments", "clean up docstrings", "strip stale comments", "comment cleanup".

Use when auditing and fixing logic bugs in a scope — off-by-one, wrong operator, inverted condition, unhandled boundary cases, unit/dimension mismatch, code that doesn't do what its name or docstring claims. Triggers on "audit correctness", "fix logic bugs", "check for off-by-one", "correctness review".

Use when auditing and fixing logging in a scope — missing observability, INFO bloat that doesn't scale, stale or wrong-level messages, payload dumps on routine paths. Triggers on "audit logs", "fix logging", "logging review", "clean up log noise".

Use when auditing and unifying pattern consistency in a scope — divergent implementations of the same concern, reimplementations of existing utilities, naming violations, import disorder, unused dependencies. Triggers on "audit patterns", "fix inconsistencies", "unify conventions", "fix reimplementations", "pattern review".

Use when the user asks to commit, create a git commit, checkpoint changes, save work to git, or write a commit message.

Use when the user asks to improve, compare, audit, or identify gaps in an existing skill.

Use when auditing repo topology in a scope — code grouped by type where the repo groups by feature, god-modules, misplaced files, leaky or missing module boundaries, layer-direction violations, import cycles, over-nesting. Triggers on "audit structure", "repo structure review", "fix module boundaries", "check layering", "files in the wrong place".

Use when the user needs help choosing, evaluating, fixing, extending, or operationalizing colors for any interface. Trigger on requests about palettes, color grading, themes, semantic roles, contrast, tokens, visual tone, muddy or washed-out UI, dark mode, light mode, state colors, or making colors feel right. Use this skill to teach flexible color judgment and, when useful, support that judgment

Use when the user asks how to do something, wants a skill for a task, or wants to discover and install new agent capabilities.

Use when a task spans multiple files or workstreams and benefits from parallel implementation by an agent team.

Use when the user asks to rebase the current branch onto another branch or update branch history without merging.

Use when rewriting an existing skill so Opus 4.8 (or any frontier reasoning model) executes it with better judgment, less scaffolding, and tighter calibration. Do NOT trigger for new skills from scratch (use skill-creator) or for prompt artifacts (use prompt).

Use when the user asks to merge another branch into the current branch, pull upstream changes without rebasing, or resolve merge conflicts.

Use when the user asks to create, refine, evaluate, or optimize an LLM prompt. Do NOT trigger for Claude Code skills (use skill-creator) or when rewriting an existing skill (use transformer). Example triggers - "write a prompt for my summarizer", "tighten this system prompt", "evaluate this agent prompt".

Use after making changes to run the project's quality gates and report pass or fail for each relevant check.

Use when the user has a proposal, position, or design and wants it adversarially pressure-tested before committing.

Use when a task is multi-step, ambiguous, or high-impact and you need an executable implementation plan before editing code.

Use when reviewing a pull request, merge request, or local diff for correctness, security, and code quality.

Use when the user wants to improve website search visibility, AI search visibility, schema markup, indexing, metadata, or keyword targeting.

Use when reviewing a user-facing page or flow for usability issues, confusion, friction, or missed UX principles.

Use when removing a git worktree and cleaning up its associated local branch from the main repository.

Use when starting new feature work that should happen in an isolated git worktree on its own branch.

Use when running the full audit sweep on a scope — runs the focused audit dimensions (necessity, structure, patterns, correctness, error handling, logs, perf, security, tests, complexity, comments) as a parallel-worktree workflow that integrates in dependency order. Triggers on "audit", "full audit", "audit everything".