io.github.wgpsec/AboutSecurity/sql-injection-methodology

SQL注入检测、利用、绕过的完整方法论。当目标有表单提交、登录页面、搜索功能、数据查询接口时使用。包含POST参数完整性检查、EXTRACTVALUE截断陷阱、UNION/报错/盲注/sqlmap全流程

io.github.wgpsec/AboutSecurity/mobile-backend

移动 App 后端 API 安全测试。当目标是移动应用的后端接口、发现 /api/v1/ 等移动端 API 路径、或需要测试 App 与服务器之间的通信安全时使用。覆盖 API 端点发现、认证机制测试、业务逻辑漏洞、移动端特有的安全问题

io.github.wgpsec/AboutSecurity/mcp-security

MCP (Model Context Protocol) 协议安全测试方法论。当目标环境使用 MCP Server 集成外部工具、 需要评估 MCP 工具描述安全性、或测试 Agent 通过 MCP 调用工具时的安全边界时触发。 覆盖: 工具描述投毒、地毯式骗局(动态篡改)、指令覆盖(Shadow Tool)、隐藏指令(ANSI/Unicode)、 跨 Server 攻击、Token 窃取、Schema 操纵、上下文溢出。

io.github.project-chip/connectedhomeip/python-test-reviewer

Expert guidance for reviewing Python tests in the Matter (connectedhomeip) repository. Use this skill when reviewing changes to tests, specifically targeting common pitfalls in async execution, mocking cluster interactions, and assertion quality.

io.github.microsoft/vscode/agent-customization

**WORKFLOW SKILL** — Create, update, review, fix, or debug VS Code agent customization files (.instructions.md, .prompt.md, .agent.md, SKILL.md, copilot-instructions.md, AGENTS.md). USE FOR: saving coding preferences; troubleshooting why instructions/skills/agents are ignored or not invoked; configuring applyTo patterns; defining tool restrictions; creating custom agent modes or specialized workflows; packaging domain knowledge; fixing YAML frontmatter syntax. DO NOT USE FOR: general coding questions (use default agent); runtime debugging or error diagnosis; MCP server configuration (use MCP docs directly); VS Code extension development. INVOKES: file system tools (read/write customization files), ask-questions tool (interview user for requirements), subagents for codebase exploration. FOR SINGLE OPERATIONS: For quick YAML frontmatter fixes or creating a single file from a known pattern, edit the file directly — no skill needed.

io.github.Memento-Teams/Memento-Skills/pdf

Use this skill whenever the user wants to do anything with PDF files. This includes reading or extracting text/tables from PDFs, combining or merging multiple PDFs into one, splitting PDFs apart, rotating pages, adding watermarks, creating new PDFs, filling PDF forms, encrypting/decrypting PDFs, extracting images, and OCR on scanned PDFs to make them searchable. If the user mentions a .pdf file or asks to produce one, use this skill.

io.github.eclipse-rdf4j/rdf4j/docker-jfr-benchmark-loop

Run a repeatable RDF4J performance loop against one JMH benchmark in Docker with Linux Java 26 and JFR CPU-time profiling. Use when working in this repo on benchmark-guided performance changes, hotspot triage, JFR reading, CPU bottleneck analysis, or repeated baseline, fix, and rerun loops. Trigger on requests mentioning benchmark, profiling, JFR, hotspot, perf loop, CPU bottleneck, or Docker benchmark runs in RDF4J.

io.github.CyberStrikeus/CyberStrike/Mobile Code (03.13.13)_mobile-code

Define acceptable mobile code and mobile code technologies.

io.github.wgpsec/AboutSecurity/database-tactics

数据库服务攻击方法论。当发现 Redis(6379)、MSSQL(1433)、PostgreSQL(5432)、MySQL(3306)、MongoDB(27017) 等数据库端口时使用。覆盖未授权访问、弱口令爆破、命令执行、文件读写、提权。任何涉及数据库攻击、数据库提权、数据库利用的场景都应使用此技能

io.github.CopilotKit/CopilotKit/react-core

@copilotkit/react-core — mount CopilotKitProvider in a Next.js App Router / React Router v7 / TanStack Start / SPA app, drop in CopilotChat/CopilotPopup/CopilotSidebar (v2 chat components ship from react-core/v2 — NOT react-ui, which is CSS-only in v2), access and subscribe to agents with useAgent / useAgentContext / useCapabilities, switch between multiple agents, manage durable Intelligence threads with useThreads, register browser-side tools via useFrontendTool, render tool calls with useRenderTool / useComponent / useDefaultRenderTool, gate execution with useHumanInTheLoop, wire file attachments with useAttachments, configure suggestion pills, and register activity- and custom-message renderers. publicLicenseKey is canonical (publicApiKey is deprecated alias). Load the reference under references/ that matches your task.

io.github.agentscope-ai/QwenPaw/browser_visible-zh

当用户需要控制 browser_use 的浏览器启动方式时，使用本 skill。当前 browser_use 默认使用 managed CDP 启动本地 Chrome/Chromium；`headed` 控制是否显示窗口，`private_mode` 控制是否禁用 CDP、改走 Playwright，`browser_args` 传入额外的 Chromium 启动参数，`executable_path` 指定自定义浏览器可执行文件路径。

io.github.open-edge-platform/anomalib/fastapi-rest-api-design

Designs and reviews REST APIs for FastAPI services using consistent resource naming, HTTP semantics, validation, security, and error handling patterns. Use for backend API tasks, endpoint design/refactors, or API review requests in FastAPI/Python projects.

io.github.itgoyo/hermes-skills/automation-governance-architect

以治理为先的业务自动化架构师（n8n 优先），在实施之前先审计价值、风险和可维护性。

io.github.HoangNguyen0403/agent-skills-standard/typescript-tooling

Development tools, linting, and build config for TypeScript. Use when configuring ESLint, Prettier, Jest, Vitest, tsconfig, or any TS build tooling.

io.github.HoangNguyen0403/agent-skills-standard/typescript-language

Apply modern TypeScript standards for type safety and maintainability. Use when working with types, interfaces, generics, enums, unions, or tsconfig settings.

io.github.HoangNguyen0403/agent-skills-standard/typescript-security

Validate input, secure auth tokens, and prevent injection attacks in TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration.

io.github.HoangNguyen0403/agent-skills-standard/typescript-best-practices

Write idiomatic TypeScript patterns for clean, maintainable code. Use when writing or refactoring TypeScript classes, functions, modules, or async logic.

io.github.HoangNguyen0403/agent-skills-standard/database-mongodb

Apply expert schema design, indexing, and performance rules for MongoDB. Use when designing MongoDB schemas, creating indexes, or optimizing NoSQL query performance.

io.github.HoangNguyen0403/agent-skills-standard/typescript-best-practices

Write idiomatic TypeScript patterns for clean, maintainable code. Use when writing or refactoring TypeScript classes, functions, modules, or async logic.

io.github.HoangNguyen0403/agent-skills-standard/typescript-language

Apply modern TypeScript standards for type safety and maintainability. Use when working with types, interfaces, generics, enums, unions, or tsconfig settings.

io.github.HoangNguyen0403/agent-skills-standard/typescript-security

Validate input, secure auth tokens, and prevent injection attacks in TypeScript. Use when validating input, handling auth tokens, sanitizing data, or managing secrets and sensitive configuration.

io.github.HoangNguyen0403/agent-skills-standard/typescript-tooling

Development tools, linting, and build config for TypeScript. Use when configuring ESLint, Prettier, Jest, Vitest, tsconfig, or any TS build tooling.

io.github.HoangNguyen0403/agent-skills-standard/nextjs-upgrade

Next.js version migrations using official guides and codemods. Use when migrating a Next.js project to a new major version using codemods.

io.github.HoangNguyen0403/agent-skills-standard/nextjs-tooling

Configure Next.js build tooling, deployment, and developer workflow. Use when setting up Turbopack, standalone Docker output, bundle analysis, CI caching, environment variable validation, or ESLint integration for Next.js projects.