Skip to main content
Manus에서 모든 스킬 실행
원클릭으로
GitHub 저장소

vanguard-frontier-agentic

vanguard-frontier-agentic에는 Raishin에서 수집한 skills 613개가 있으며, 저장소 수준 직업 범위와 사이트 내 skill 상세 페이지를 제공합니다.

수집된 skills
613
Stars
16
업데이트
2026-07-03
Forks
3
직업 범위
직업 카테고리 30개 · 73% 분류됨
저장소 탐색

이 저장소의 skills

frontend-dom-xss-csp-review
미분류

Review frontend source for DOM XSS sinks (innerHTML, dangerouslySetInnerHTML, v-html, document.write, eval-class APIs), verify actual attacker-reachable taint flow, and audit Content-Security-Policy and Trusted Types enforcement for real bypasses rather than header-presence checks, with framework-specific sink guidance loaded progressively.

2026-07-03
monorepo-package-governance-review
미분류

Reviews monorepo task-graph configuration (Turborepo tasks/caching, Nx task pipelines) alongside dependency and lockfile governance (pnpm catalogs, npm overrides, lifecycle-script risk) to prevent false-green CI from stale cache reuse and unpinned supply-chain exposure.

2026-07-03
nextjs-server-security-review
미분류

Statically review Next.js middleware, Server Actions, next.config.js, and environment-variable files for four documented server-side defect classes -- middleware matcher exclusions that silently skip auth on Server Functions, Server Actions missing allowedOrigins CSRF protection, secrets leaked via NEXT_PUBLIC_ prefixes, and SSRF/open-redirect via dangerouslyAllowLocalIP or unvalidated rewrite destinations.

2026-07-03
product-analytics-experimentation-review
미분류

Review frontend analytics instrumentation and A/B or multivariate experiment configurations for event-schema correctness, sample-ratio-mismatch risk, statistically valid stopping rules, and consent-gated privacy compliance before shipping a tracking or experiment change.

2026-07-03
angular-template-sanitizer-security-review
미분류

Statically review Angular templates and components for injection via DomSanitizer bypass calls (bypassSecurityTrustHtml, bypassSecurityTrustUrl, bypassSecurityTrustResourceUrl), unsanitized [innerHTML] bindings, and dynamically bound iframe security attributes such as [attr.sandbox], grounded in Angular's own sanitizer and NG0910 documentation.

2026-07-03
edge-cache-data-bleed-review
미분류

Statically review Next.js App Router caching surfaces -- route-level revalidate exports, cache-boundary directives on server functions reading cookies(), generateStaticParams on personalized routes, and Cache-Control/Vary response headers -- for defects that let one user's authenticated response be cached and served back to a different user.

2026-07-03
graphql-client-security-review
미분류

Statically review GraphQL client configuration (Apollo Client, and urql/similar clients by analogy) for production-enabled devtools/introspection exposure, a normalized cache left uncleared across user sessions, missing persisted-query allowlisting against client-driven query abuse, auth headers attached with no CSRF protection, and sensitive fields cached unmasked -- grounded in Apollo Client's own configuration and security-relevant documentation.

2026-07-03
react-rsc-data-boundary-review
미분류

Statically review React Server Components code for data leaks across the server-to-client serialization boundary — secrets passed as props to Client Components, server-only modules missing the `server-only` guard, `use server` actions with no authorization check, non-public environment variables read in `use client` modules, and tainted values crossing the boundary unnarrowed — grounded in React's and Next.js's own documentation.

2026-07-03
sveltekit-actions-load-security-review
미분류

Statically review SvelteKit form actions, load functions, hooks, and templates for CSRF origin-check bypass (checkOrigin/trustedOrigins), unauthenticated sensitive-data returns from load(), auth guards confined to +layout.server.js without an enforced parent()/hooks check, insecure cookies.set() options, and unsanitized {@html} bindings, grounded in SvelteKit's own CSRF, cookies, load, and authentication documentation.

2026-07-03
pci-payment-ui-security-review
미분류

Statically review payment-page frontend code for PCI-DSS-relevant defects in the browser/DOM slice only — raw PAN collection in self-controlled inputs instead of Stripe hosted fields, card data persisted client-side or to analytics, raw card data POSTed to a first-party endpoint, and third-party scripts loaded without Subresource Integrity — grounded in Stripe's own tokenization docs and PCI-DSS v4 script-security requirements.

2026-07-03
nuxt-fullstack-security-review
미분류

Statically review Nuxt 3/4 full-stack code for private secrets exposed via runtimeConfig.public/NUXT_PUBLIC_* env vars, useState/module-scope cross-request state pollution in Nitro, server-route SSRF via $fetch/ofetch with blind useRequestHeaders/credential forwarding, NuxtPayload/useState serialization reaching an XSS sink, and missing security response headers (routeRules headers, nuxt-security), grounded in Nuxt's own documentation via Context7.

2026-07-03
vue-router-navigation-security-review
미분류

Statically review Vue Router navigation guards, redirect flows, and template bindings for client-side guards used as the sole authorization boundary, open redirects via route.query.redirect/returnUrl, javascript:/data: scheme injection through dynamic :to/:href bindings, route params/query reaching v-html/innerHTML (reflected XSS), guard-induced redirect loops, and catch-all/history-mode misconfiguration, grounded in Vue Router's own documentation.

2026-07-03
vue-state-store-security-review
미분류

Statically review Pinia and legacy Vuex state stores for sensitive data persisted to localStorage/sessionStorage without scoping, untrusted server-payload hydration (window.__pinia/__INITIAL_STATE__) with un-escaped state serialization, SSR store-singleton cross-request pollution, store plugins/$subscribe/$onAction acting on untrusted payloads, client-held role flags used as an authorization source of truth, and devtools state exposure in production builds.

2026-07-03
ai-generated-frontend-code-review
미분류

Apply an elevated review pass to AI or LLM-generated frontend code changes, checking specifically for hallucinated framework APIs, slopsquatted or non-existent dependency names, unsanitized dynamic-HTML sinks, and missing accessibility semantics before the diff is merged.

2026-07-03
browser-compatibility-review
미분류

Audit JS/CSS/HTML feature usage against the project's declared Browserslist/supported-browser matrix using Baseline and caniuse status data, flag unguarded non-Baseline usage, and verify feature-detection or polyfill fallback coverage, with per-feature caniuse/Baseline lookups loaded only for features actually in question.

2026-07-03
design-token-governance-review
미분류

Reviews design-token source of truth and build pipelines for hardcoded-value drift and resolved WCAG 1.4.3/1.4.11 contrast compliance across theme variants (light, dark, high-contrast), grounded in the W3C Design Tokens format and current WCAG success criteria.

2026-07-03
enterprise-red-team-review
미분류

Run a mandatory adversarial review pass against Tier-1 specialist verdicts for frontend security review, AI-generated code review, and production incident workflows, hunting for exploit paths, WCAG failures automated tooling cannot catch, and prompt-injection artifacts in AI-generated code. Use before a change with security, accessibility, or AI-generated-code implications is allowed to reach the Board Chair.

2026-07-03
framework-upgrade-risk-review
미분류

Assess breaking-change and regression risk for a same-framework major-version upgrade (React, Next.js, Angular, Vue, or core build tooling), grounding every claimed breaking change in the framework's official release notes/migration guide, and separate upgrade-blocking issues from cosmetic deprecation noise.

2026-07-03
frontend-board-chair
미분류

Sequence frontend specialist and red-team reviews for the 10 governed workflows (new feature, perf regression, a11y audit, security review, SSR/hydration bug, design-system change, framework migration, AI-generated code review, production incident, CWV failure) and issue a binding evidence-gated approve/conditional-approve/reject decision. Use when a frontend change needs a final governance verdict, not a first-pass technical review.

2026-07-03
frontend-finops-cost-to-serve-review
미분류

Build a cost-to-serve model covering CDN egress, SSR/edge compute, image transformation, and CI build-minute spend for a frontend surface, and rank remediation options by dollar savings weighed against Core Web Vitals and security impact, without treating cost-cutting and security/performance as unrelated trade-offs.

2026-07-03
frontend-maestro
미분류

Route frontend governance tasks to the narrowest specialist or parallel team (max 4) from the frontend agent catalog. Use when you do not already know which frontend specialist handles the task. Not for direct frontend answers; Maestro classifies, dispatches, and hands off to frontend-board-chair-agent only. Never auto-dispatches live-mutation-capable specialists — requires explicit human confirmation with blast-radius and rollback before routing to any live-guard specialist.

2026-07-03
frontend-migration-modernization-plan
미분류

Build a phased, reversible plan to migrate or modernize a legacy frontend surface (jQuery/Backbone/AngularJS to a modern framework, CRA/Webpack to Vite, or a same-framework major-version bump) using strangler-fig sequencing with measurable exit criteria per phase, without defaulting to a full rewrite.

2026-07-03
frontend-observability-rum-instrumentation
미분류

Design or review browser-side Real User Monitoring instrumentation for Core Web Vitals (LCP, INP, CLS) using the web-vitals attribution build and distributed tracing via OpenTelemetry Web, enforcing lab-vs-field evidence labeling, sampling/cardinality sizing, and PII-in-telemetry controls, with library-specific wiring references loaded only when instrumentation code is actually being written or reviewed.

2026-07-03
legacy-jquery-to-modern-framework-review
미분류

Inventory the hidden behaviors in a legacy jQuery/Backbone-era codebase — implicit global event delegation, direct DOM mutation outside any render cycle, plugin side effects, ad-hoc accessibility shims, and unsanitized HTML string building — that a mechanical framework port would silently drop or need to explicitly reproduce.

2026-07-03
wcag-22-accessibility-audit
미분류

Audit frontend markup, components, and design-system primitives against WCAG 2.2 Level A/AA success criteria and ARIA APG interaction patterns, separating automated-detectable violations from manual-verification-required items and flagging legal exposure, with reference material loaded progressively per success-criteria category.

2026-07-03
build-tooling-vite-webpack-review
미분류

Reviews Vite and Webpack build/chunking configuration and bundle-size composition for duplicate dependencies, unsplit vendor chunks, and tree-shaking failures, always version-labeling config since Vite 8 replaced Rollup-era manualChunks with Rolldown-based codeSplitting.

2026-07-02
bundle-budget-code-splitting-review
미분류

Reviews JavaScript/CSS bundle composition against explicit numeric budgets, evaluates route- and component-level code-splitting boundaries, and requires a CI-enforced budget before endorsing any size fix as resolved.

2026-07-02
core-web-vitals-triage
미분류

Decomposes LCP, INP, and CLS regressions into their documented sub-phases using lab and field evidence, and refuses to declare a metric fixed without a field-data or CI-budget verification path.

2026-07-02
e2e-testing-playwright-review
미분류

Reviews Playwright end-to-end test configuration -- fixtures, storageState/auth setup, CI sharding and parallelism, and toHaveScreenshot visual-assertion options -- for reliability and correct gating, grounded in current, version-specific Playwright API docs.

2026-07-02
frontend-auth-session-security-review
미분류

Review client-side authentication and session-management code for token-storage location, cookie-flag correctness, CSRF/open-redirect exposure, and OAuth/OIDC flow choice for browser-based apps against OWASP ASVS and Session Management Cheat Sheet guidance, with the OAuth-for-browsers reference loaded only when an OAuth/OIDC flow is in scope.

2026-07-02
frontend-error-boundary-resilience-review
미분류

Reviews error-boundary placement, fallback UX, and failure-isolation strategy to prevent a single component's runtime error from crashing the whole page, ensuring granular, accessible degradation instead of an app-root-only safety net or a silent, unlogged failure.

2026-07-02
frontend-testing-strategy-review
미분류

Reviews frontend test-pyramid shape, critical-path coverage, and flaky-test governance across unit, component, integration, and E2E layers (Vitest/Jest, Testing Library, Playwright/Cypress), loading framework references only when the task needs them.

2026-07-02
i18n-l10n-readiness-review
미분류

Audit frontend code for internationalization readiness — externalized ICU MessageFormat strings, Intl-based date/number/currency/plural formatting, correct lang/dir attribute propagation, and RTL-safe CSS logical properties — before translation vendor engagement, with CLDR plural-rule detail loaded only when auditing countable strings.

2026-07-02
pwa-offline-readiness-review
미분류

Validates installability against W3C manifest criteria and tests real offline navigation behavior end to end, rejecting a manifest-schema-valid but practically non-installable or non-functional-offline PWA.

2026-07-02
service-worker-cache-strategy-review
미분류

Reviews service-worker route-matching and caching-strategy choices (precache vs. cache-first vs. network-first vs. stale-while-revalidate) against request type and security sensitivity, rejecting uniform blanket strategies and flagging authenticated/PII responses cached in the Cache API.

2026-07-02
tree-shaking-dead-code-review
미분류

Verifies that a bundler's tree-shaking actually eliminated dead code by inspecting output bytes and sideEffects/module-format configuration, rather than trusting a clean build as proof of elimination.

2026-07-02
visual-regression-storybook-review
미분류

Reviews Storybook visual-testing setup -- test-runner wiring, Chromatic integration, and the a11y addon's axe-core gating -- to ensure visually-critical components have deterministic pixel-diff and accessibility coverage before merge, grounded in current Storybook docs.

2026-07-02
microfrontend-boundary-review
미분류

Reviews micro-frontend/module-federation boundary contracts for shared-dependency versioning safety, runtime isolation, and ownership clarity before adoption or extension of a distributed frontend architecture.

2026-07-02
angular-architecture-signals-review
미분류

Statically review Angular component and service architecture for correct Signals usage (signal/computed/effect boundaries and purity), appropriate change-detection strategy (OnPush vs default), and service/DI boundary design, grounded in Angular's own Signals, change-detection, and dependency-injection guidance.

2026-07-02
angular-ssr-hydration-review
미분류

Statically review Angular SSR bootstrap configuration and component templates for hydration-mismatch risk (NG0500-class errors), unjustified ngSkipHydration usage, and direct-DOM-manipulation patterns that bypass Angular's template-owned DOM model, grounded in Angular's own hydration guide and error catalog.

2026-07-02
이 저장소에서 수집된 skills 613개 중 상위 40개를 표시합니다.