Explore skills
441 skills found
owasp
Systematic audit against the OWASP 2021 Top 10 web application security risks with severity-rated, file-level findings. Checks A01 Broken Access Control (IDOR, path traversal, CORS, privilege escalation), A02 Cryptographic Failures (weak algorithms, exposed secrets, missing TLS), A03 Injection (SQL, NoSQL, command, XSS, LDAP, XPath, template injection), A04 Insecure Design (missing rate limiting,
pci-dss
PCI DSS v4.0 compliance audit for payment-handling codebases. Scans for PAN patterns (Visa, Mastercard, Amex, Discover), CVV storage violations, and track data retention. Audits all 12 requirements: network security controls (firewall rules, CDE segmentation, default-deny), secure configurations (default credentials, hardening), stored cardholder data protection (AES-256 encryption, masking first-
secure
Full-stack security posture assessment with 0-100 risk scoring. Scans dependency vulnerabilities (npm audit, pip-audit, cargo audit, govulncheck), dangerous code patterns (SQL injection, eval, command injection, ReDoS, innerHTML, XSS vectors), authentication gaps (missing auth middleware, CSRF, hardcoded JWT secrets, insecure session flags), insecure crypto (MD5/SHA1 password hashing, Math.random
energy-compliance
Audit energy utility software for NERC CIP cybersecurity, FERC market and tariff compliance, EPA emissions and CEMS reporting, renewable portfolio standards (RPS/REC tracking), pipeline safety (49 CFR 192/195), SCADA security, carbon market compliance, and state PUC/ISO/RTO requirements. Use when reviewing power generation, transmission, distribution, pipeline, renewable, EV charging, or energy tr
game-code-review
Review game code architecture for component coupling, ECS vs OOP design, update loop organization (deltaTime, fixed timestep, frame budget), state machine quality (boolean soup, string states), save/load serialization (versioning, migration, corruption handling), input handling (action-based abstraction, buffering, remapping), and anti-patterns (god objects, find-in-update, tight loop allocation,
manufacturing-compliance
Audit manufacturing software for FDA 21 CFR Part 11 (electronic records, e-signatures, audit trails), ISO 9001/13485/14001/45001 quality management (document control, CAPA, nonconformance), GMP batch records and cleaning validation, lot/serial traceability (forward, backward, process, recall-ready), OSHA safety (incident tracking, LOTO, PPE), hazmat handling (SDS, chemical inventory, RCRA waste),
permit-compliance
Audit construction permit tracking, building code compliance, and inspection management software. Reviews permit lifecycle workflows (building, electrical, plumbing, mechanical, demolition, zoning, certificate of occupancy), IBC code reference systems, ADA and Fair Housing accessibility checks, fire and life safety compliance, NEPA and CWA environmental review, stormwater NPDES/SWPPP tracking, LEE
check-vanta
Fetches dependency vulnerabilities from Vanta, Snyk, Dependabot, or GitHub Security Advisories, creates a tracking issue in Jira/Linear/GitHub Issues, then fixes, commits, pushes, and opens PRs for each affected repo. Trigger on: vulnerabilities, security scan, Vanta, CVE, dependency audit, Snyk, Dependabot.
gdpr
GDPR and CCPA/CPRA privacy compliance audit for codebases. Inventories PII fields (email, phone, SSN, IP, device ID, geolocation, biometrics, behavioral data), maps data collection points (forms, APIs, cookies, analytics, error tracking), audits consent mechanisms (cookie banners, opt-in, pre-checked boxes, consent withdrawal), verifies data subject rights implementation (right to access, erasure,
hipaa
Deep HIPAA Security Rule technical audit mapping code-level findings to 45 CFR sections. Covers administrative safeguards (164.308 -- risk analysis, workforce security, access management, incident procedures, contingency planning), physical safeguards (164.310 -- facility access, workstation security, session timeout, device controls, crypto-shredding), and technical safeguards (164.312 -- unique
accessibility-test
Automated WCAG 2.1 AA accessibility testing with axe-core and Lighthouse CI. Auto-detects frontend framework (React, Next.js, Vue, Angular, Svelte, Astro, Flutter, React Native), discovers all routes and interactive components, installs Playwright + axe-core for page-level scanning and jest-axe/vitest-axe for component-level testing. Generates tests for color contrast (4.5:1), alt text, form label
design-adapt
Make interfaces truly adaptive — not just responsive. Uses container queries for component-level adaptation, adaptive navigation patterns, and platform-aware layouts for web, mobile, tablet, and desktop. Use when: 'make responsive', 'responsive design', 'adaptive layout', 'container queries', 'mobile layout', 'tablet layout', 'desktop layout', 'breakpoints'.