Explore skills
441 skills found
healthcare-ops
Review healthcare software for operational efficiency: appointment scheduling and resource allocation, clinical workflow burden (order entry clicks, documentation templates, alert fatigue), EHR/LIS/pharmacy/PACS integrations (HL7v2, FHIR, NCPDP SCRIPT, EDI 837/835), patient flow (ADT, bed management, wait times, throughput), quality reporting (CMS, HEDIS, MIPS), staff credentialing and workload ba
mobile-security-review
Audit mobile apps against OWASP Mobile Top 10 (M1-M10): credential hardcoding, supply chain dependencies, insecure auth/token storage (Keychain/Keystore), input validation (deep links, WebView XSS), certificate pinning (OkHttp, TrustKit, Alamofire), privacy (PII in logs, clipboard, screenshots), binary protections (ProGuard/R8, obfuscation, anti-tampering), security misconfiguration (backup, expor
procurement-review
Audit procurement and procure-to-pay software for sourcing, purchasing, and vendor management. Reviews requisition-to-PO workflows, RFQ/RFP bid management, approval routing with delegation and escalation, purchase order lifecycle (standard, blanket, contract POs), three-way matching (PO-receipt-invoice), budget encumbrance controls, vendor onboarding and scorecards (on-time delivery, quality, pric
regulatory-compliance
Audit codebases for cross-industry regulatory compliance across SOX, GDPR, HIPAA, PCI-DSS, CCPA/CPRA, FedRAMP, FISMA, COPPA, and FERPA. Reviews audit trail completeness (who/what/when/where/why with tamper-evident storage), data retention policies and right-to-erasure workflows, RBAC/ABAC access control with least-privilege enforcement, privileged access management and JIT elevation, change manage
security-review
Security audit and vulnerability assessment for any codebase. Scans for authentication bypasses, missing auth middleware, broken JWT validation (algorithm confusion, weak secrets, missing expiry), OAuth state and PKCE flaws, IDOR and horizontal privilege escalation, vertical privilege escalation via role manipulation, SQL injection, NoSQL injection, XSS (stored, reflected, DOM), command injection,
care-burnout-audit
Audit healthcare and caregiving software for provider burnout risk factors. Analyzes workload distribution fairness, scheduling equity, documentation burden, alert fatigue indicators, break and rest compliance, overtime patterns, and systemic contributors to staff burnout. Produces a burnout risk scorecard with actionable recommendations tied to patient safety outcomes. Use when you need to audit
css-token-sweep
Statically scan a CSS / single-file HTML / multi-file frontend project for references to undefined CSS custom properties — the silent class of bug where `color: var(--ink-2)` is written but `--ink-2` is never declared in any `:root { ... }` block, and the text renders invisible because `var()` with no fallback resolves to the unset initial value. TRIGGER this skill whenever the user says any of: "
database-review
Review database schema design, query patterns, and data access layer for correctness and performance. Checks normalization balance, index coverage against actual queries, constraint completeness (NOT NULL, FK, unique, check, defaults), data type correctness (money as DECIMAL not FLOAT, timestamps with timezone), N+1 query detection, connection pooling configuration, transaction safety, and migrati
financial-compliance
Audit fintech and financial services code for KYC/AML (CIP, CDD, EDD, sanctions screening, transaction monitoring), BSA (SAR/CTR filing, FinCEN reporting, Travel Rule), Reg E (EFT error resolution, unauthorized transfer liability, provisional credit), SOX (audit trails, segregation of duties, financial controls), GLBA (privacy notices, Safeguards Rule, data sharing), and state money transmitter li
game-accessibility
Audit game projects for accessibility across visual (colorblind modes, contrast, font scaling, photosensitivity), audio (subtitles, captions, visual sound indicators, mono audio), motor (remappable controls, one-handed play, hold-to-toggle, QTE alternatives), cognitive (difficulty options, tutorials, quest logs, hint systems), and communication (CVAA text chat, voice-to-text). Checks Xbox Accessib
housing-compliance
Audit affordable housing and property management software for Fair Housing Act (protected classes, disparate impact screening, AFFH), Section 504/ADA accessibility (5% mobility units, reasonable accommodations), HUD reporting (HUD-50058, PHAS, SEMAP), LIHTC compliance (IRS Section 42 income certification, rent calculation, 8823 noncompliance), lead paint disclosure (pre-1978, EPA RRP), VAWA protec
store-compliance
Pre-submission audit for Apple App Store and Google Play Store compliance. Checks App Store Review Guidelines (safety, performance, business, design, legal sections) and Google Play Developer Policies (user data, permissions, deceptive behavior, monetization, store listing, content). Reviews In-App Purchase and Play Billing requirements, privacy policy and data collection disclosure, App Tracking