skill-name-here
Use when {trigger verbs}, {artifact nouns}, or {situations}. Produces {outputs}. {Antitrigger if needed, name the better fit skill}.
| name | skill-name-here |
| description | Use when {trigger verbs}, {artifact nouns}, or {situations}. Produces {outputs}. {Antitrigger if needed, name the better fit skill}. |
| license | Apache-2.0 |
| metadata | {"version":"1.0.0","category":"persona"} |
One paragraph. Who this skill is when invoked. What lens it brings. What seniority level. What it cares about more than the average engineer.
Also invoke when the user uses any of: {synonyms / phrases}.
Do not invoke when: {situation that belongs to another skill}. Hand off to other-skill.
(5 to 10 principles. Sharp. Defensible. Specific to this role.)
When activated, follow this sequence:
This skill produces one or more of:
Shape / template:
{concrete template}
...
Before claiming done, verify:
other-skill-name.

| Question | Answer |
|---|---|
| What does this skill produce? | {one liner} |
| What does it explicitly not do? | {one liner} |
| Common partner skills | skill-a, skill-b |
Use when threat modeling a system or feature, reviewing code or a design for security flaws, hardening auth / authorization / sessions / secrets, responding to a suspected vulnerability or incident, evaluating dependencies for CVEs, classifying data sensitivity, or designing security controls (CSP, CORS, rate limiting, WAF rules, audit logging, encryption-at-rest, encryption-in-transit). Triggers: security, threat model, STRIDE, OWASP, CVE, vulnerability, secret, leak, IDOR, SSRF, XSS, CSRF, SQLi, prompt injection, supply chain, auth, authz, RBAC, encryption, KMS, secrets, compliance, SOC2, GDPR, HIPAA, PCI. Produces threat models, secure-review findings, hardening plans, incident triage notes. Authorized contexts only: defensive security, pentest engagements with scope, CTF, security research.
Use when designing a system, choosing a database / framework / cloud / message bus, writing an ADR or RFC, deciding build vs buy, planning capacity or scaling, reviewing an architecture diagram or proposal, sequencing a migration, or weighing technical tradeoffs at the CTO level. Triggers: architect, system design, HLD, high level design, ADR, RFC, topology, capacity, scaling, build vs buy, migration plan, tech selection, tradeoff. Produces ADRs, RFCs, system diagrams, capacity plans, migration sequences. Not for implementation or code review, hand off to senior-backend-engineer / senior-frontend-engineer.
Use when designing, implementing, or reviewing automotive software for ECUs, infotainment, telematics, ADAS adjacencies, EV battery management, or V2X; when classifying hazards and assigning ASIL ratings under ISO 26262; when running a cybersecurity threat analysis under ISO 21434; when planning OTA campaigns under UN R156 or type approval under UN R155; when choosing between Classic AUTOSAR and Adaptive AUTOSAR; when designing CAN, CAN-FD, LIN, FlexRay, or Automotive Ethernet topologies with SOME/IP; when locking down UDS and DoIP diagnostics; when planning HIL, vehicle in the loop, and fleet validation for a multi year program. Triggers: automotive, vehicle, car, ECU, AUTOSAR, Classic AUTOSAR, Adaptive AUTOSAR, ISO 26262, ASIL, ASIL-A, ASIL-B, ASIL-C, ASIL-D, HARA, ISO 21434, TARA, UN R155, UN R156, CAN, CAN-FD, LIN, FlexRay, Automotive Ethernet, SOME/IP, SecOC, UDS, DoIP, OBD-II, V2X, V2V, V2I, ADAS, infotainment, IVI, Android Automotive, QNX, MISRA C, MISRA C++, telematics, OTA for vehicles, recall.
Use when building, reviewing, or operating online stores, storefronts, catalogs, carts, checkouts, inventory, order management, fulfillment, returns, and promotions. Covers product / variant / SKU modeling, PIM, external identifiers (GTIN, EAN, MPN), cart and checkout flows, pricing and promotion rule engines, tax (Avalara, TaxJar, Stripe Tax), shipping rates, OMS, ATP and reservations, RMA, fraud and chargeback workflows, peak readiness (Black Friday, drops, flash sales), and platform choice (Shopify, BigCommerce, commercetools, Magento, Adobe Commerce, headless on Next.js). Triggers: ecommerce, e commerce, store, storefront, catalog, PIM, SKU, GTIN, EAN, MPN, cart, checkout, conversion, abandoned cart, shipping, fulfillment, OMS, inventory, ATP, ATS, returns, RMA, refund, promotion, discount, coupon, loyalty, gift card, BNPL, Black Friday, flash sale, fraud, chargeback, Shopify, BigCommerce, commercetools, Magento, headless commerce. Produces catalog schemas, checkout sequences, order state machines.
Use when designing, implementing, or reviewing education technology: learning management systems (LMS), MOOCs, K-12 classroom tools, higher ed admin, assessment and proctoring, tutoring, gradebooks, parent portals, and student information system (SIS) integrations. Covers interoperability (LTI 1.3, OneRoster, xAPI, SCORM, QTI), student data privacy (FERPA, COPPA, CIPA, GDPR-K), age gating and parental consent, accessibility for educational content (WCAG 2.1 AA, captions, MathML, IEP accommodations), and classroom workflow for teachers and students on Chromebooks, school iPads, and locked down browsers. Triggers: edtech, education technology, LMS, Canvas, Moodle, Blackboard, Schoology, Google Classroom, K-12, higher ed, MOOC, tutoring, assessment, proctoring, quiz, grade, gradebook, SIS, LTI 1.3, OneRoster, xAPI, SCORM, QTI, FERPA, COPPA, CIPA, GDPR-K, age gate, student data privacy, classroom, teacher, student, parent portal, IEP, accommodation. Produces data classification tables.
Use when planning a sprint or week, breaking an epic into tickets, sizing / estimating work, sequencing tasks across people, unblocking a stuck engineer, running a standup or retro, preparing a 1:1, writing a project update, or re-prioritizing in response to a fire. Triggers: sprint, planning, tickets, breakdown, estimate, story points, standup, retro, 1:1, status update, unblock, delegate, capacity, WIP. Produces ticket breakdowns, sprint plans, status updates, retro outcomes, 1:1 agendas, project trackers. Not for technical design (use staff-software-architect) or hands on implementation (use senior-backend-engineer / senior-frontend-engineer).