Security posture for the AI agent itself covering OWASP LLM Top 10, Agentic Security Top 10, behavior boundaries, destructive operation gates, prompt injection resistance, and skill supply chain verification via OIDC Trusted Publishing.
Design and implement clean, consistent, well-documented APIs and interfaces. Use when building REST APIs, GraphQL schemas, library interfaces, or internal module boundaries.
Ensure compliance with organizational policies and regulatory standards, then generate structured reports and dashboards. Covers license auditing, data handling regulations, security standard mapping, and structured reporting with actionable recommendations.
Collaborative design refinement with hard gates preventing premature implementation. Use BEFORE any creative work โ creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements, and design before implementation.
Visual verification of UI changes using browser DevTools MCP. Use when building or modifying frontend components to verify rendering, responsiveness, and visual correctness. All browser-read data is treated as UNTRUSTED.
End-to-end pipeline from CI configuration through production deployment. Covers pipeline stages, test automation, deployment strategies, pre-launch checklists, rollback planning, and post-deploy verification.
Two-stage code review: spec compliance first, then code quality. Use when reviewing code changes, conducting PR reviews, or when subagents complete implementation tasks. Ensures code matches spec AND meets quality standards.
Reduce code complexity through targeted refactoring. Use when code is difficult to understand, overgrown, or has accumulated technical debt. Simplify without changing behavior.