The library

apply-shadcn · UI development when shadcn library components reduce custom CSS and maintain consistency.

technical-seo-checker · Technical SEO when infrastructure audits (crawl/indexing/speed) uncover blocked opportunities.

testing-ci · CI setup when automated testing + deployment gates reduce manual integration friction.

competitor-analysis · Competitive analysis when gap analysis vs top competitors informs content/keyword prioritization.

fusion-vereine · German association mergers need Vereinsrecht-specific compliance mapping.

dto-generator · NestJS projects scaffold DTOs faster with auto-discovery than manual scaffolding.

content-gap-analysis · Editorial planning beats brainstorming when you compare against a specific competitor set.

gsap-greensock · Web animations achieve principle polish faster with GSAP than pure CSS for tweens.

keyword-research · SEO planning systematizes keyword discovery better than intuition-driven topic selection.

dev-container · IsaacLab development runs faster with one shared image across parallel project clones.

serp-analysis · Ranking strategy beats guessing when you analyze live SERP composition and top-10 patterns.

next-best-practices · Next.js refactors avoid pitfalls when you follow file conventions and RSC boundaries.

terraform-skill · IaC refactors are safer when you diagnose risk categories before applying changes.

consult-chatgpt · Multi-agent debugging beats solo guessing when you cache questions and budget calls.

ce-optimize · Tuning converges faster with hard gates and parallel experiments than one-shot tweaks.

tool-calling-tutor · Tool-calling agents work faster when you debug schema, invocation, and loop patterns.

sequential-think · Complex debugging beats quick answers when you systematize multi-layer reasoning.

universal-design · Inclusive design reaches broader audiences than retrofitting accessibility later.

apk-redteam-pipeline · Mobile security research runs faster with automated APK acquisition and decompilation.

finding-arbitrage-opportunities · Crypto arbitrage beats manual scanning when you monitor CEX/DEX spread in real-time.

bb-local-toolkit · Bug bounty hunting converges faster with systematic recon, learning, and triage.

semantic-grep · Security scanning is faster and more reliable when you use semantic rules vs regex.

bb-methodology · Bug bounty sessions gain focus when you apply systematic 5-phase methodology.

session-trends · Progress tracking improves with aggregated deltas vs single-point observations.

value-prop-sharpener · Product positioning when weak generic messaging needs multi-dimensional resonance.

bugcrowd-reporting · Bug bounty submissions when VRT defaults misalign with actual impact severity.

linkedin-post · Professional content distribution when personal voice, audience targeting, and engagement matter.

content-analyst · Library governance when actual document state analysis informs feature prioritization.

cloud-iam-deep · Red-team privilege analysis when a cloud credential surfaces and escalation vectors matter.

strassenentwaesserung · German legal practice when street-drainage rights/obligations require statutory analysis.

linear-iterate-on-plan · Technical planning when proposal quality gates improve before approval.

enterprise-vpn-attack · Perimeter testing when SSL VPN appliances are initial-access points.

bio-microbiome-functional-prediction · Metagenomics when shotgun sequencing is unavailable and KEGG/MetaCyc function prediction suffices.

evidence-hygiene · Bug-bounty submissions when cookie leakage and unauthorized PII exposure risks matter.

ai-assisted-operations · GitHub issue triage at scale when AI summarization and tagging reduce manual work.

dotnet-maui-aot · Mobile performance when app size and startup time reductions (up to 50%) justify AOT setup.

hunt-api-misconfig · API security testing when parameter-binding and object-serialization flaws enable escalation.

hunt-aspnet · Legacy ASP.NET pentesting when ViewState, machineKey, and trace endpoint disclosure matter.

research-handoff-oracle · Team collaboration when research handoff to another LLM agent preserves context.

nx-cli · Monorepo development when task discovery and affected-scope analysis speed up iteration.

hunt-ato · Authentication testing when multiple ATO paths (password-reset, email-change, JWT, MFA-bypass) require systematic coverage.

eu-ebene-und-better-regulation · German legal practice when proposed rules require EU compliance justification.

feature · Test-driven development when executable specifications guide implementation.

hunt-auth-bypass · SSO security testing when SAML signature stripping and parser-differential attacks apply.

hunt-brute-force · Use for hunt missing/weak rate limiting — login brute force, otp/2fa brute force (10^6 keyspace), password-reset-token brute, credential stuffing, username/email enumeration via error-string / status-code / timing differences, weak password policy, missing captcha, ip-based rate-limit bypass via x-forwarded-for and friends, redos. distinguishes hard lockout vs soft ip-throttle vs captcha-injection vs silent shadow-throttling (avoids false-negative 'no rate limit' conclusions). medium to critical depending on what the brute reaches (otp→ato = critical).

pm-organization-scale-adaptive · Use for adjust planning depth and agent behavior based on prd complexity level

codegen · Use for code generation utilities for json-render. use when generating code from ui specs, building custom code exporters, traversing specs, or serializing props for @json-render/codegen.

hunt-business-logic · Use for hunting skill for business logic vulnerabilities. built from 12 public bug bounty reports. covers coupon-race-stacking (instacart, stripe, reverb), negative-quantity-in-cart price tampering (upserve, eternal/zomato), decimal/fraction price-field overflow (shipt), client-side checkout amount trust on paypal redirect (wordpress.org), price-per-unit mass-assignment (krisp), and archived-price swap / cart-toctou (stripe). use when hunting business logic — heavy emphasis on financial-impact-demonstrated cases.

dotnet-add-testing · Use for >-

hunt-cache-poison · Use for hunting skill for cache poison vulnerabilities. built from 10 public bug bounty reports including x-forwarded-host poisoning, x-http-method-override / gcs cache, reflected→stored xss via cache, classic omer-gil web cache deception, cloudflare cache deception armor bypass, session-token cache deception, akamai hop-by-hop smuggling → server-side edge poisoning, and kettle's 2024 path-normalization wcd against cloudflare/fastly/gcp. use when hunting cache poisoning, web cache deception, cdn-fronted apps.