ワンクリックで
Attacca
Attacca には adihebbalae から収集した 30 個の skills があり、リポジトリ単位の職業カバレッジとサイト内 skill 詳細ページを表示します。
このリポジトリの skills
Parallel per-PR Security audits (v3.11.0+). Fan out independent Security reviews across 2+ branches, classify each as SIMPLE or COMPLEX, aggregate results into the review queue. Use before merging any parallel Engineer branches.
Initialize a new project. Works with any input: point to a PRD file, paste one inline, or describe your idea and Manager will build the PRD with you. Full research → plan → scaffold → subagent dispatch.
Ship a working MVP as fast as possible. Aggressive parallelization, scope ruthlessness, deferred gates. Skips Designer, defers Security, assumes instead of clarifying. Switch to /init-project for production-grade scaffolding.
Fan out 2+ isolated, non-dependent tasks to parallel Engineer subagents. Validates isolation, creates per-task handoff files, updates state.json, and spawns agents. Use when the task list contains work that can run simultaneously.
Socratic PRD builder. Interrogates the user through problem, solution, and feasibility phases until zero ambiguity, then generates a structured PRD and saves it to .agents/prd.md. Run /init-project after to scaffold the project.
Onboarding guide for new users. Assesses what tools they have (Claude Code, GitHub Copilot, both), explains the agent system based on their experience level, and points them to their first action. Run this first if you're new to the boilerplate.
Retrofit an existing project with the Attacca agent system. Audits project structure, generates a customized retrofit plan, and wires up agent scaffolding without touching source code or existing deployments.
Safely upgrade this project's Attacca boilerplate files to the latest version. Shows a changelog diff of what's new, then applies non-destructive updates to agent/skill/prompt files without touching source code or project state.
On-demand code review checklist. Use when reviewing code changes, doing a PR review, self-reviewing before committing, or checking code quality after implementation. Covers readability, correctness, performance, security, and maintainability.
Production incident response runbooks. Use when responding to production incidents, critical failures, or emergency deployments. Contains runbooks for common incident types and decision frameworks for triage. For SEV 1 emergencies, also activate the medic agent persona.
Behavioral guidelines to reduce common LLM coding mistakes. Use when writing, reviewing, or refactoring code to avoid overcomplication, make surgical changes, surface assumptions, and define verifiable success criteria. Inspired by Andrej Karpathy's observations on LLM coding pitfalls.
Pre-push quality gate checklist. Use when before any git push, before opening a PR, after implementing a full feature, or when asked to run the quality gate. Runs lint, type-check, tests, and a security scan as a single sequential gate. Fails fast — does not proceed past a failing stage.
On-demand security audit checklist based on OWASP Top 10. Use when running pre-push security reviews, auditing new features for vulnerabilities, checking authentication or authorization flows, reviewing API security, validating input sanitization, or scanning dependency vulnerabilities.
TDD workflow skill enforcing RED to GREEN to REFACTOR. Use when implementing any feature test-first, writing unit or integration tests, or building with a test-heavy stack like Jest, Vitest, pytest, or RSpec. Prevents writing implementation before a failing test exists.
Auto-regenerate .agents/workspace-map.md after any file changes. Run post-commit to keep multi-agent codebase awareness fresh. Prevents stale maps from sending agents to wrong files.
Token compression skill. Use when: context window is filling up, on long-running multi-session tasks, when Manager explicitly says 'caveman mode', or when user needs faster/cheaper agent responses. Reduces output tokens 65–75% by switching to telegraphic prose. Three intensity levels: lite, full, ultra.
Build and maintain a persistent, compounding LLM-maintained knowledge base (wiki). Use when: setting up a second brain for a project or personal knowledge base, processing PDFs/articles/notes into structured wiki pages, querying accumulated knowledge with citations, health-checking a wiki for gaps and contradictions, or building self-updating knowledge systems. Based on Karpathy's LLM Wiki pattern (gist.github.com/karpathy/442a6bf555914893e9891c11519de94f).
On-demand code review checklist. Use when: reviewing code changes, PR review, self-review before committing, checking code quality after implementation. Covers readability, correctness, performance, security, and maintainability.
Pre-push quality gate checklist. Use when: before any git push, before opening a PR, after implementing a full feature, when Manager says 'run quality gate'. Runs lint, type-check, tests, and a security scan as a single sequential gate. Fails fast.
On-demand security audit checklist based on OWASP Top 10. Use when: pre-push security review, auditing new features for vulnerabilities, checking authentication/authorization flows, reviewing API security, validating input sanitization.
TDD workflow skill enforcing RED → GREEN → REFACTOR. Use when: implementing any feature test-first, writing unit or integration tests, building with a test-heavy stack (Jest, Vitest, pytest, RSpec, etc.). Prevents writing implementation before a failing test exists.
Behavioral guidelines to reduce common LLM coding mistakes. Use when writing, reviewing, or refactoring code to avoid overcomplication, make surgical changes, surface assumptions, and define verifiable success criteria. Inspired by Andrej Karpathy's observations on LLM coding pitfalls.
Pre-push quality gate checklist. Use when: before any git push, before opening a PR, after implementing a full feature, when Manager says 'run quality gate'. Runs lint, type-check, tests, and a security scan as a single sequential gate. Fails fast — does not proceed past a failing stage.
On-demand security audit checklist based on OWASP Top 10. Use when: pre-push security review, auditing new features for vulnerabilities, checking authentication/authorization flows, reviewing API security, validating input sanitization, dependency vulnerability scanning.
TDD workflow skill enforcing RED → GREEN → REFACTOR. Use when: implementing any feature test-first, writing unit or integration tests, building with a test-heavy stack (Jest, Vitest, pytest, RSpec, etc.). Prevents writing implementation before a failing test exists.
Pre-push quality gate checklist. Use when: before any git push, before opening a PR, after implementing a full feature, when Manager says 'run quality gate'. Runs lint, type-check, tests, and a security scan as a single sequential gate. Fails fast — does not proceed past a failing stage.
Generate a real Software Bill of Materials (SBOM) using syft or cdxgen and pipe output to Security agent for review. The only agent framework with automated SBOM in its security gate — enterprise-grade supply chain visibility. Use when: before any production push, when dependency files change, on security request, or as part of quality-gate Stage 4B2.
4-gate supply chain security defense for any project with dependencies. Prevents malicious packages, typosquatting, and abandoned maintainer attacks before they reach production. Covers: package approval gates, 30-day age policy, typosquatting detection, SBOM generation, and lock file integrity. Can be used standalone — no other boilerplate required.
TDD workflow skill enforcing RED → GREEN → REFACTOR. Use when: implementing any feature test-first, writing unit or integration tests, building with a test-heavy stack (Jest, Vitest, pytest, RSpec, etc.). Prevents writing implementation before a failing test exists.
Auto-regenerate .agents/workspace-map.md after any file changes. Run post-commit to keep multi-agent codebase awareness fresh. Prevents stale maps from sending agents to wrong files.