Drive the host-side `security-scan-llm` Python CLI for LLM SAST lanes (Codex + Claude + Gemma with lane-agnostic cross-validation). Files findings into the same GitHub Projects v2 board as the deterministic `security-scan` skill, using a byte-identical fingerprint scheme so findings dedup across substrates. Config lives at `<repo>/.security-scan/config-llm.yaml` — repo-local, versioned with the repo, SEPARATE from the deterministic `<repo>/.security-scan/config.yaml`. On every run, checks the installed tool's `--version` against the bundled `SECURITY-SCAN-LLM-MANIFEST.yaml` and offers a user-confirmed upgrade + config-migration flow. Use when the user says "scan llm", "/security-scan-llm", "run codex/claude/gemma scan", or "give me a fresh LLM pass on this repo".
Drive the deterministic `leverj/security-scan` Docker image against the current repo (OSV-Scanner, Gitleaks, Semgrep, Trivy, Trufflehog, image-CVE, Supabase live). Files findings into a GitHub Projects v2 board. On every run, checks Docker Hub for a newer image DIGEST and — on user confirmation — pulls it and applies any new config-schema migrations declared in the image's SECURITY-SCAN-MANIFEST.yaml. Config lives at `<repo>/.security-scan/config.yaml` — repo-local, versioned with the repo. LLM SAST (codex + claude + gemma) is a SEPARATE concern handled by the `security-scan-llm` CLI under `tools/security-scan-llm/` — not orchestrated by this skill. Use when the user says "scan", "/security-scan", "run security-scan", "scan this repo for security issues", "check for secrets / CVEs / SAST issues", or "audit dependencies".
End-to-end triage and fix loop for a GitHub backlog of issues, sourced from either an epic (umbrella issue with native sub-issues) or a GitHub Projects v2 board. Triages the open issues, auto-closes duplicates and won't-fixes, surfaces big-ticket items for the user, bundles all trivial dep bumps into one PR per ecosystem, ships them. Repo-specific behavior comes from `.dev/triage.json` in the current repo. Use when the user says "triage", "/triage", "let's clear epic #N", "triage the security project", "triage project #N", or any variation of working through the open issues of an epic or a Project board.
Scrum-aligned development workflow on top of GitHub Projects v2. Commands: plan (create requirements), pick (claim & implement), decide (record decisions), status (dashboard), refine (groom items), setup (bootstrap Project), upgrade (pull latest skill). Uses gh CLI for issues + Project items, and `.dev/decisions/` for ADRs. Both plan and pick offer an explore mode for discovery-driven work — placeholder issue up front, spec backfilled after implementation.
Replace with a description of the skill and when the agent should use it.