POSTTTT

qna

Answer questions, explain code, and investigate the codebase WITHOUT making any changes. Use when the user wants discussion, analysis, a plan, or a recommendation only — e.g. "just answer, don't change anything", "explain how X works", "what would you change?", "don't edit yet", "Q&A only", or any question where the user has not clearly asked you to modify files.

Code & Development Listed

gitignore

Analyze the codebase to understand its languages, frameworks, and tooling, then create or update the project's .gitignore with the right entries. Use when the user asks to "fix/update/generate the .gitignore", "what should I gitignore", "add ignore rules", "stop tracking node_modules/.env/build artifacts", or wants secrets and generated files kept out of version control. Understands the repo first, avoids duplicates, and flags already-tracked files that ignoring alone won't remove.

optimize

Analyze a codebase for performance and produce an optimization report — where the program is slow, how to make it faster, and the expected speed impact, effort, and risk of each change. Use when the user asks to "optimize the program", "make it faster", "improve performance", "find bottlenecks", "why is this slow", or "reduce latency/memory". Reads and understands the code first, reasons from profiling and algorithmic complexity (not guesses), and reports recommendations ranked by impact — without rewriting hot code until asked.

pdf-summary

Analyze a PDF in full and produce a structured, chapter-by-chapter, page-aware summary that preserves detail. Use when the user asks to "summarize this PDF", "analyze this document/PDF", "break down this PDF", "give me the key points of this PDF/report/paper/manual", or points to a .pdf file. Reviews every page, cites where each point comes from, explains diagrams/images, and keeps instructions/procedures complete rather than compressed.

Code & Development Listed

pre-push

Pre-flight safety gate that checks whether the project is actually safe to commit/push to GitHub (or any remote) RIGHT NOW. Use when the user asks "is this ready to push?", "can I commit this?", "check before I push", "did I leave any secrets in", "ready for GitHub?". Inspects the real git state — staged diff, tracked files, source, and history — for secrets/API keys, .env/.venv being tracked, PII, leftover debug/conflict markers, and .gitignore gaps. Read-only; reports a clear ready/blockers verdict and defers to the gitignore and security-audit skills for fixes.

security-audit

Audit a codebase for security weaknesses against the OWASP Top 10 (2025) and seven hardening areas — secrets management, data encryption, input validation/injection, auth, dependency/supply-chain, error handling/logging, and configuration/transport hardening. Use when the user asks to "check security", "do a security review/audit", "find vulnerabilities", "is this app secure", "OWASP review", "check for hardcoded secrets / SQL injection / XSS", or similar. On invocation, ask which area(s) to investigate (or all), then report findings with severity, file:line, and remediation — without changing code until asked.

tidy

Clean up and organize a project's file structure — group loose files into logical folders (images/, scripts/, styles/, etc.), remove empty directories, and delete genuinely unnecessary files. Use when the user asks to "clean up the project", "organize the files", "tidy the directory", "sort these into folders", "remove empty folders", or "get rid of junk files". Always understands the project and updates references BEFORE moving anything, never deletes load-bearing files, and gets approval before changing the file tree.