Skill UI

A comprehensive toolkit designed for modern product managers covering the entire product lifecycle. It provides essential frameworks for feature prioritization (RICE scoring), conducting deep customer discovery interviews, structuring detailed Product Requirement Documents (PRDs), and developing strategic product roadmaps. Use this guide for robust feature validation, user research synthesis, and cross-functional strategy development.

Guides optimizing account signup, registration, and trial activation flows to reduce friction, improve completion rates, and drive activation with principles covering field prioritization, trust signals, multi-step best practices, and mobile considerations.

Provides an OWASP 2025-aligned vulnerability scanning mindset, supply chain defenses, attack surface mapping, and risk prioritization guidance with runtime scripts for automated validation of modern application security.

Query gnomAD via GraphQL to retrieve allele frequencies, constraint scores, and loss-of-function annotations for population-informed variant interpretation and rare disease gene prioritization.

Guides product managers through choosing the right prioritization approach (RICE, ICE, Value/Effort, etc.) by asking adaptive questions about stage, team context, stakeholder needs, and decision cadence, then delivers tailored implementation guidance.

Guides product managers through strategic roadmap planning by orchestrating prioritization, epic definition, stakeholder alignment, and release sequencing into a structured workflow that turns strategy into executable outcomes and keeps stakeholders aligned.

Guides product teams through hypothesis writing, metric definition, sample-size planning, ICE prioritization, and statistical interpretation so experiments stay practical, defensible, and aligned with business decision thresholds.

Integrates FIRST's Exploit Prediction Scoring System (EPSS) API to estimate the probability of a CVE being exploited in the wild within 30 days. This tool moves beyond traditional severity scoring (CVSS) by providing a likelihood measure, allowing security teams to implement a risk-based remediation strategy by combining EPSS scores with CVSS scores to assign immediate, urgent, or low priorities.

This skill provides a structured framework for implementing patch management in Operational Technology (OT) and Industrial Control Systems (ICS) environments. It addresses the critical balance between cybersecurity remediation and maintaining continuous operational safety and availability. Key components include risk-based patch prioritization, vendor compatibility testing, staged deployment through test environments, managing maintenance windows, and implementing compensating controls for unpatchable assets.

This skill provides a comprehensive framework for conducting systematic access reviews and certifications across enterprise applications. It guides users through designing review campaigns, implementing risk-based prioritization (e.g., privileged, PII access), assigning reviewers (manager, application owner), and automating the collection of entitlement data. The process ensures compliance evidence is generated for major standards like SOX, HIPAA, and PCI DSS, helping maintain the principle of least privilege.

This skill implements a multi-factor scoring model to assess the criticality of IT assets. By weighting factors such as business function impact, data sensitivity, regulatory scope, and network exposure, it assigns a risk tier. This tier is then used to dynamically adjust the Service Level Agreements (SLAs) for vulnerability remediation, ensuring that organizations prioritize patching efforts on their most critical 'crown jewel' systems first.

This skill implements a sophisticated risk-based prioritization engine by combining three critical data sources: the CISA Known Exploited Vulnerabilities (KEV) catalog, the Exploit Prediction Scoring System (EPSS), and traditional CVSS scores. It allows security teams to move beyond simple severity ratings, focusing remediation efforts on vulnerabilities confirmed to be actively exploited in the wild or predicted to be highly exploitable. The workflow integrates fetching, enriching, and scoring vulnerabilities to generate an actionable remediation plan with defined SLAs.