Use when interacting with Linear.app from the command line. Triggers on any request involving Linear issues, projects, cycles, sprints, teams, roadmaps, milestones, documents, triage, notifications, comments, bulk operations, or any Linear workflow. Also triggers when the user references a Linear issue identifier (e.g. ENG-123, LIN-456), wants to list/create/update/close/assign issues, check sprint status, run burndown charts, import/export Linear data, manage webhooks, or automate Linear tasks from the terminal. Use proactively whenever the user mentions "Linear", "linear issue", "linear sprint", "linear project", "linear ticket", or any Linear-related workflow — even if they don't explicitly ask for the CLI.
Use when addressing, responding to, or resolving pull request review comments and inline code suggestions. Triggers whenever the user wants to work through PR feedback — even if they say 'address the review comments', 'fix the PR feedback', 'apply the suggestions', 'resolve the threads', 'respond to reviewer comments', or just 'let's work through this PR review'. Use proactively after a PR review is received.
Security testing skill for Nuclei — a fast, template-driven vulnerability scanner by ProjectDiscovery. Use this skill to: scan URLs, APIs, or OpenAPI specs for vulnerabilities; run or write nuclei YAML templates and workflows; generate templates from a STRIDE threat model report; or run a full pipeline (threat model → templates → scan). Triggers on: "run nuclei", "scan this URL", "nuclei template", "nuclei workflow", "nuclei from threat model", "web app security scan", "pen test this API", "full security pipeline", "threat model and scan", SQLi, XSS, SSRF, IDOR, auth bypass, CORS misconfig. Use proactively when the user shares a URL, OpenAPI spec, source code, or STRIDE report and wants security testing — even if they haven't mentioned nuclei by name.
Queries Panther SIEM data lake via GraphQL API. Use when the user wants to query Panther logs, run SQL against the data lake, search for indicators of compromise, explore databases/tables/columns, poll for query results, list past queries, build GraphQL scripts, or manage Panther alerts. Triggers on: "query Panther", "Panther data lake", "Panther GraphQL", "search Panther logs", "indicator search in Panther", "executeDataLakeQuery", "executeIndicatorSearchQuery", "panther_logs", "Panther alerts", "list alerts", "alert status", "triage alert", "resolve alert", "assign alert", "mark alert as resolved", "update alert", "comment on alert", or any request to pull log data, hunt threats, or manage security alerts via the Panther API. Also triggers on "search my logs", "find this IP in Panther", "show me my alerts", or "close these alerts".
Interact with the Snyk REST API (v2025-11-05) for vulnerability management, security scanning, and developer security. Use for: listing orgs/projects/targets, querying issues (package vulnerabilities, licenses, cloud misconfigs, SAST), searching audit logs, managing service accounts, memberships, invitations, fetching SBOMs, and looking up package vulnerabilities by PURL. Requires SNYK_TOKEN injected via 1Password `op run`.
Use when interacting with AWS. Triggers on AWS resources, services, or accounts — s3, ec2, iam, kms, secretsmanager, eks, ecs, lambda, cloudwatch, rds, dynamodb, cloudformation, route53, sns, sqs, and more. Use this skill whenever the user wants to inspect, query, troubleshoot, or manage AWS infrastructure, even if they don't say 'AWS' explicitly but reference cloud resources, ARNs, account IDs, regions, or specific AWS service names.
Use when interacting with GitHub from the command line. Triggers on any request involving pull requests, issues, repositories, GitHub Actions workflows, releases, GitHub API calls, or the `gh` command — even if the user doesn't say 'gh' but mentions checking out a PR, creating an issue, viewing workflow runs, listing releases, or querying the GitHub API. Use proactively for any GitHub operation that can be done from the terminal.
Use when interacting with Kubernetes clusters, pods, deployments, services, namespaces, helm releases, or any k8s resource. Triggers on kubectl, helm, k8s, pod, deployment, namespace, etc.