Skills
Authoring and Running Promptfoo Evaluation Suites
This skill guides developers through authoring comprehensive promptfoo evaluation suites for robust regression testing and quality assurance. It covers defining prompts, structuring test cases, implementing various assertions, and validatin…
Creating and managing promptfoo evaluation suites
This skill guides the creation and maintenance of comprehensive promptfoo evaluation suites, enabling rigorous QA for non-redteam coverage, regression testing, and new matrix development. It details structuring configs, writing prompts, sel…
Automated GitHub Pull Request Review Resolution
This skill automates the identification, addressing, and resolution of GitHub pull request review comments. It manages complex pagination for GraphQL threads and REST reviews to ensure all actionable feedback is addressed and threads are re…
Injects a predefined special token string
This skill is designed to output a specific, fixed token string when explicitly invoked by the user or agent. It allows for the programmatic injection of markers into the conversation flow without requiring complex logic.
Automated Pull Request Review Agent
This skill automates comprehensive Pull Request reviews, checking for logical correctness, security vulnerabilities, and adherence to architectural standards. It structures feedback using criticality badges and posts detailed inline comment…
Security review for authentication code
This skill reviews authentication code to identify common security vulnerabilities, such as weak password hashing (e.g., SHA-1/MD5) or unsafe direct comparisons of secrets and tokens. It ensures that reported issues strictly match the user'…
Automates PR polishing to merge-ready status
This skill iteratively runs PR review and address actions, ensuring the pull request meets strict mergeability criteria. It continues until there are zero new findings, all threads are resolved, CI is stable, and two consecutive quiet polls…
Security review for authentication code
This skill reviews authentication code to identify common security vulnerabilities, such as the use of weak password hashing algorithms like SHA-1 or MD5. It provides a focused report, limiting output to a single actionable security issue.
Reviewing discount policy fixtures with checklist
This skill provides a structured workflow for inspecting and reviewing discount policy fixtures. It executes a helper script to generate a maintainer report detailing ticket IDs, severity, ownership, and minimal required fixes.
Automated Pull Request Workflow
A workflow for agents to automate the pull request lifecycle, including pre-flight checks, test coverage verification, and template-based PR creation. It integrates with GitHub CLI and review bots to manage the end-to-end review process.
comprehensive code review for security and bugs
Analyzes provided codebases to identify logical bugs, security vulnerabilities (such as injection risks), and deviations from established best practices. Findings are structured by severity level with actionable remediation suggestions.
Security review for authentication code
This skill reviews authentication code to identify common security vulnerabilities, such as weak password hashing (SHA-1/MD5) and insecure secret/token comparisons. It ensures reported issues strictly adhere to the user-defined scope.
Redteam Plugin and Grader Development Standards
Provides standardised protocols for developing redteam plugins and graders, including XML tag requirements, rubric structures, and attack template configurations.
Security review for authentication code
This skill reviews authentication code to identify potential security vulnerabilities. It specifically checks for weak password hashing algorithms, such as SHA-1 or MD5, and is constrained to reporting a maximum of one issue.
Validate project adherence to standards
This skill validates a project's structure by checking for the presence of required documentation files, such as README.md. It reports which essential files are missing to ensure adherence to established conventions.
Managing URL Search Parameters and State
This skill provides best practices for managing URL search parameters and hash states in modern web applications. It guides developers on correctly using replace versus push history behavior to prevent browser history pollution when handlin…
URL Search Param and Hash Management
Provides patterns for managing URL search parameters and hash state to maintain correct browser history behaviour. It details when to use replace versus push for in-page state versus navigable steps.
Redteaming Plugin Development Standards and Guidelines
This guide establishes the required standards and structures for developing redteaming plugins and graders. It details standardized tags, rubric formats, and variable handling, including specific guidance for multimodal prompts, ensuring ro…
Implementing Built-in Webhook Source Providers
A framework for implementing new built-in webhook source providers, such as GitHub or Linear, within the Dust architecture. It covers the separation of UI-safe presets from server-only services, including OAuth integration and event schema …
Optimising React Components by Avoiding Effects
Guides best practices for writing React components by identifying when effects are truly necessary. It advises developers to derive state during rendering rather than using useEffect for simple data transformations or calculations.
Writing Focused, Practical Codebase Tests
This skill guides developers through writing high-impact, focused tests for complex codebases, adhering to the 80/20 principle. It mandates minimal mocking, preferring real database interactions while focusing assertions on core behavior an…
Swagger API Schema Synchronization
Ensures API endpoint schemas and Swagger documentation remain synchronised by providing instructions for updating shared schemas and annotations during development.
Creating durable asynchronous workflows with Temporal
This skill provides a comprehensive guide to setting up durable, asynchronous workflows using Temporal. It covers defining activities, orchestrating workflows, and running dedicated workers for robust background processing.
Dust MCP Server Integration Guide
A technical guide for implementing internal MCP server integrations within Dust to connect to external platforms like Jira or Salesforce. It covers metadata definition, tool handler implementation, and OAuth configuration.