Skill UI

Deprecated routing skill that reroutes legacy "content creator" requests to content-production for writing/SEO/brand-voice needs or to content-strategy for planning, ensuring users land with the specialist best suited to their intent.

This skill acts as a compatibility alias for pull request (PR) creation. It is designed to handle requests using the legacy name 'create-pr', redirecting the user to the canonical and updated workflow found in 'sentry-skills:pr-writer'. Use this when referencing the old skill name to ensure the latest PR writing standards are applied.

An expert skill dedicated to building secure, robust frontend applications. It specializes in preventing client-side vulnerabilities such as XSS and clickjacking. Core capabilities include safe DOM manipulation, implementing Content Security Policy (CSP), advanced input sanitization (allowlisting), and securing complex interactions like secure redirects and session management.

Explains how to create route.ts endpoints in the Next.js App Router, covering HTTP methods, request/response handling, streaming, cookies, redirects, CORS, and caching so you can build REST APIs.

Guides building Next.js Server Actions for App Router forms, mutations, and optimistic updates, covering useFormState/useFormStatus hooks, revalidation helpers, and post-submission redirects.

Guide for deploying BishopFox Sliver command-and-control infrastructure with hardened team servers, redirectors, HTTPS/DNS/mTLS/WireGuard listeners, and multi-operator access for resilient red team operations.

Provides step-by-step guidance for installing, configuring, and operating the Havoc post-exploitation C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents suited for authorized red team engagements.

Identifies and exploits OAuth 2.0/OpenID Connect misconfigurations during authorized security assessments, covering redirect URI manipulation, token leakage, authorization code theft, and scope escalation to evaluate provider and consumer defenses.

Identifies open redirect vulnerabilities in web apps by analyzing redirect parameters, applying bypass payloads, and chaining exploits for phishing or token theft during security assessments.

Evaluates OAuth 2.0 and OpenID Connect deployments for redirect URI flaws, CSRF via missing state, PKCE bypasses, token leakage, and scope escalation to ensure secure authorization-code flows before production onboarding.