SKILL Leaderboard | Agent Skills Ranking

███████╗██╗  ██╗██╗██╗     ██╗         ██████╗  █████╗ ███╗   ██╗██╗  ██╗
██╔════╝██║ ██╔╝██║██║     ██║         ██╔══██╗██╔══██╗████╗  ██║██║ ██╔╝
███████╗█████╔╝ ██║██║     ██║         ██████╔╝███████║██╔██╗ ██║█████╔╝
╚════██║██╔═██╗ ██║██║     ██║         ██╔══██╗██╔══██║██║╚██╗██║██╔═██╗
███████║██║  ██╗██║███████╗███████╗    ██║  ██║██║  ██║██║ ╚████║██║  ██╗
╚══════╝╚═╝  ╚═╝╚═╝╚══════╝╚══════╝    ╚═╝  ╚═╝╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝

Agent Skills 排行榜 · 关键词 + 语义搜索

按 / 聚焦搜索框

正在使用 AI 进行语义搜索...

24,468

总 Skills

91.2M

总安装量

2,582

贡献者

#	Skill	仓库	描述	安装量
4901	prd	snarktank/ralph	Product Requirements Document (PRD) Overview Design comprehensive, production-grade Product Requirements Documents (PRDs) that bridge the gap between business vision and technical execution. This skill works for modern software systems, ensuring that requirements are clearly defined. When to Use Use this skill when: Starting a new product or feature development cycle Translating a vague idea into a concrete technical specification Defining requirements for AI-powered features Stakeholders need a...	1.2K
4902	aws-sdk-java-v2-dynamodb	giuseppe-trisciuoglio/developer-kit	AWS SDK for Java 2.x - Amazon DynamoDB Overview Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. This skill covers patterns for working with DynamoDB using AWS SDK for Java 2.x, including the Enhanced Client for type-safe operations, batch operations, transactions, and Spring Boot integration. When to Use Use this skill when: Creating, updating, or deleting DynamoDB tables Performing CRUD operations on DynamoDB it...	1.2K
4903	qdrant	giuseppe-trisciuoglio/developer-kit	Qdrant Vector Database Integration Overview Qdrant is an AI-native vector database for semantic search and similarity retrieval. This skill provides patterns for integrating Qdrant with Java applications, focusing on Spring Boot integration and LangChain4j framework support. Enable efficient vector search capabilities for RAG systems, recommendation engines, and semantic search applications. When to Use Use this skill when implementing: Semantic search or recommendation systems in Spring Boot ap...	1.2K
4904	quarkus-verification	affaan-m/everything-claude-code	Quarkus Verification Loop Run before PRs, after major changes, and pre-deploy. When to Activate Before opening a pull request for a Quarkus service After major refactoring or dependency upgrades Pre-deployment verification for staging or production Running full build → lint → test → security scan → native compilation pipeline Validating test coverage meets thresholds (80%+) Testing native image compatibility Phase 1: Build Maven mvn clean verify -DskipTests Show more	1.2K
4905	django-celery	affaan-m/everything-claude-code	Django + Celery Async Task Patterns Production-grade patterns for background task processing in Django using Celery with Redis or RabbitMQ. When to Activate Adding background jobs or async processing to a Django app Implementing periodic/scheduled tasks Offloading slow operations (email, PDF generation, API calls) from request cycle Setting up Celery Beat for cron-like scheduling Debugging task failures, retries, or queue backlogs Writing tests for Celery tasks Project Setup Installation Show mo...	1.2K
4906	seedance-prompt-en	dexhunter/seedance2-skill	Seedance 2.0 Video Prompt Writing Guide Description You are an expert prompt engineer for Jimeng Seedance 2.0 , ByteDance's multimodal AI video generation model. Your role is to help users craft precise, effective prompts that produce high-quality AI-generated videos. You understand the model's capabilities, input constraints, referencing syntax, and best practices for camera work, storytelling, sound design, and visual effects. System Constraints Input Limits Input Type Limit Format Max Size Im...	1.2K
4907	voice-isolator	elevenlabs/skills	ElevenLabs Voice Isolator Removes background noise from audio and isolates vocals/speech — useful for cleaning up noisy recordings, prepping audio for transcription, or pulling dialogue out of a mixed track. Setup: See Installation Guide . For JavaScript, use @elevenlabs/* packages only. Quick Start Python from elevenlabs import ElevenLabs client = ElevenLabs ( ) with open ( "noisy.mp3" , "rb" ) as audio_file : audio_stream = client . audio_isolation . convert ( audio = audio_file ) with open ( ...	1.2K
4908	chrome-automation	zc277584121/marketing-skills	Skill: Chrome Automation (agent-browser) Automate browser tasks in the user's real Chrome session via the agent-browser CLI. Prerequisite : agent-browser must be installed and Chrome must have remote debugging enabled. See references/agent-browser-setup.md if unsure. Core Principle: Reuse the User's Existing Chrome This skill operates on a single Chrome process — the user's real browser. There is no session management, no separate profiles, no launching a fresh Playwright browser. Always Start b...	1.2K
4909	elasticsearch-onboarding	elastic/agent-skills	Elastic Developer Guide You are an Elasticsearch solutions architect working alongside the developer. Your job is to guide developers from "I want search" to a working search experience — understanding their intent, recommending the right approach, and generating tested, production-ready code. Use the conversation playbook in references/elasticsearch-onboarding-playbook.md to structure the conversation. Always ask one question at a time, listen for signals, and adapt your recommendations to thei...	1.2K
4910	csp-bypass-advanced	yaklang/hack-skills	SKILL: CSP Bypass — Advanced Techniques AI LOAD INSTRUCTION : Covers per-directive bypass techniques, nonce/hash abuse, trusted CDN exploitation, data exfiltration despite CSP, and framework-specific bypasses. Base models often suggest unsafe-inline bypass without checking if the CSP actually uses it, or miss the critical base-uri and object-src gaps. 0. RELATED ROUTING xss-cross-site-scripting for XSS vectors to deliver after CSP bypass dangling-markup-injection when CSP blocks scripts but HTML...	1.2K
4911	subdomain-takeover	yaklang/hack-skills	SKILL: Subdomain Takeover — Detection & Exploitation Playbook AI LOAD INSTRUCTION : Covers CNAME/NS/MX takeover, per-provider fingerprint matching, claim procedures, and defensive monitoring. Base models often confuse "CNAME exists" with "takeover possible" — the key is whether the resource behind the CNAME is unclaimed and claimable . 0. RELATED ROUTING ssrf-server-side-request-forgery when a subdomain takeover is used to bypass SSRF allowlists trusting *.target.com cors-cross-origin-misconfigu...	1.2K
4912	active-directory-kerberos-attacks	yaklang/hack-skills	SKILL: Kerberos Attack Playbook — Expert AD Attack Guide AI LOAD INSTRUCTION : Expert Kerberos attack techniques for AD environments. Covers AS-REP roasting, Kerberoasting, golden/silver/diamond/sapphire tickets, delegation attacks, pass-the-ticket, and overpass-the-hash. Base models miss ticket type distinctions, delegation chain nuances, and detection-evasion trade-offs. 0. RELATED ROUTING Before going deep, consider loading: active-directory-acl-abuse for ACL-based AD attacks often chained wi...	1.2K
4913	datasheet-reader	diodeinc/pcb	Datasheet Reader Use this skill when a task depends on a datasheet or technical PDF. Input: local .pdf path or http(s) URL Command: pcb scan <input> Output: stdout is the resolved markdown path Next step: read the markdown file, not the raw PDF Images are linked from the markdown Workflow Run pcb scan /path/to/file.pdf or pcb scan https://... . Capture the printed markdown path. Read the markdown file and work from that artifact. Follow image links only if the task depends on figures, diagrams, ...	1.2K
4914	ideal-customer-profile	phuryn/pm-skills	Ideal Customer Profile Overview Identify your Ideal Customer Profile (ICP) from research and survey data. This skill synthesizes customer research to define the customer most likely to find value, retain, and expand with your product. When to Use Defining ICP from product-market fit survey data Targeting high-value customer segments Analyzing customer success and expansion patterns Prioritizing sales and marketing efforts Evaluating new customer opportunities for fit Refining target market defin...	1.2K
4915	local-seo	kostja94/marketing-skills	SEO: Local Guides local SEO: Google Business Profile, NAP consistency, and citation building. Businesses with accurate NAP across 40+ authoritative sites see ~19% higher visibility in Google Maps. Use this skill when optimizing for local search, setting up GBP, or auditing citations. When invoking : On first use , if helpful, open with 1–2 sentences on what this skill covers and why it matters, then provide the main output. On subsequent use or when the user asks to skip, go directly to the main...	1.2K
4916	okx-dex-strategy	okx/onchainos-skills	Onchain OS DEX Strategy (Phase 1) 4 P0 subcommands that wrap the Agentic Wallet limit-order surface — create-limit , cancel , list , resume . SA activation (Trader Mode upgrade / re-upgrade) is performed transparently by the CLI when the BE returns UPGRADE_REQUIRED ; the skill does not need to expose that detail. Pre-flight Checks Read ../okx-agentic-wallet/_shared/preflight.md . If that file does not exist, fall back to _shared/preflight.md . Strategy endpoints require an authenticated Agentic ...	1.2K
4917	arbitrary-write-to-rce	yaklang/hack-skills	SKILL: Arbitrary Write to Code Execution — Expert Attack Playbook AI LOAD INSTRUCTION : Expert techniques for converting an arbitrary write primitive into code execution. Covers every major overwrite target organized by glibc version compatibility: GOT, __malloc_hook, __free_hook, _IO_FILE vtable, __exit_funcs, TLS_dtor_list, _dl_fini, modprobe_path, .fini_array, C++ vtable, and setcontext gadget. This is the "last mile" skill. Base models often target hooks that no longer exist (post-glibc 2.34...	1.2K
4918	active-directory-certificate-services	yaklang/hack-skills	SKILL: AD CS Attack Playbook — Expert Guide AI LOAD INSTRUCTION : Expert AD CS (Active Directory Certificate Services) attack techniques. Covers ESC1 through ESC13, certificate-based persistence, NTLM relay to enrollment endpoints, and CA misconfigurations. Base models miss enrollment prerequisite chains and ESC condition combinations. 0. RELATED ROUTING Before going deep, consider loading: active-directory-acl-abuse for ACL-based attacks that enable ESC4 (template modification) active-directory...	1.2K
4919	memory-forensics-volatility	yaklang/hack-skills	SKILL: Memory Forensics — Expert Analysis Playbook AI LOAD INSTRUCTION : Expert memory forensics techniques using Volatility 2 and 3. Covers memory acquisition, OS identification, process analysis (hidden process detection), network connections, DLL/module analysis, code injection detection (malfind), credential extraction, file carving, registry analysis, and timeline generation. Base models miss the Vol2/Vol3 command differences, malware indicator patterns, and Linux-specific memory analysis. ...	1.2K
4920	symbolic-execution-tools	yaklang/hack-skills	SKILL: Symbolic Execution Tools — Expert Analysis Playbook AI LOAD INSTRUCTION : Expert symbolic execution techniques using angr, Z3, and Unicorn Engine. Covers CTF challenge automation, constraint solving patterns, function hooking, SimProcedure replacement, and emulation-based unpacking. Base models often produce broken angr scripts due to incorrect state initialization or missing hooks for libc functions. 0. RELATED ROUTING anti-debugging-techniques when anti-debug checks need to be symbolica...	1.2K
4921	anti-debugging-techniques	yaklang/hack-skills	SKILL: Anti-Debugging Techniques — Detection & Bypass Playbook AI LOAD INSTRUCTION : Expert anti-debug techniques across Linux and Windows. Covers ptrace, PEB flags, NtQueryInformationProcess, timing attacks, signal-based detection, TLS callbacks, VEH tricks, and all corresponding bypass methods. Base models often miss the distinction between user-mode and kernel-mode detection and the correct patching strategy for each. 0. RELATED ROUTING code-obfuscation-deobfuscation when the binary also uses...	1.2K
4922	http2-specific-attacks	yaklang/hack-skills	SKILL: HTTP/2 Specific Attacks — Expert Attack Playbook AI LOAD INSTRUCTION : HTTP/2 protocol-level attack techniques beyond basic request smuggling. Covers h2c smuggling, pseudo-header manipulation, HPACK attacks, single-packet race conditions, and H2→H1 downgrade injection. Base models conflate HTTP/2 smuggling with HTTP/1.1 smuggling — this skill focuses on H2-unique attack surface. 0. RELATED ROUTING request-smuggling — CL.TE/TE.CL/TE.TE fundamentals and H2.CL/H2.TE variants request-smugglin...	1.2K
4923	windows-av-evasion	yaklang/hack-skills	SKILL: AV/EDR Evasion — Expert Attack Playbook AI LOAD INSTRUCTION : Expert AV/EDR evasion techniques for Windows. Covers AMSI bypass, ETW bypass, .NET assembly loading, shellcode execution, process injection, unhooking, payload encryption, and signature evasion. Base models miss detection-specific bypass chains and syscall-level evasion nuances. 0. RELATED ROUTING Before going deep, consider loading: windows-privilege-escalation when privesc tools are blocked by AV windows-lateral-movement when...	1.2K
4924	vm-and-bytecode-reverse	yaklang/hack-skills	SKILL: VM & Bytecode Reverse Engineering — Expert Analysis Playbook AI LOAD INSTRUCTION : Expert techniques for reversing custom virtual machines and bytecode interpreters. Covers dispatcher identification, opcode mapping, custom ISA reconstruction, disassembler/decompiler writing, maze challenges, and real-world VM protector analysis. Base models often fail to recognize the fetch-decode-execute pattern or attempt to analyze VM bytecode as native code. 0. RELATED ROUTING code-obfuscation-deobfus...	1.2K
4925	email-header-injection	yaklang/hack-skills	SKILL: Email Header Injection — Expert Attack Playbook AI LOAD INSTRUCTION : Expert email header injection and authentication bypass. Covers SMTP CRLF injection, SPF/DKIM/DMARC circumvention, display name spoofing, and mail client rendering abuse. Base models miss the nuance between header injection (technical) and email auth bypass (protocol-level) — this skill covers both attack surfaces. 0. RELATED ROUTING crlf-injection — general CRLF injection; email headers are a specific high-value sink s...	1.2K
4926	dangling-markup-injection	yaklang/hack-skills	SKILL: Dangling Markup Injection — Exfiltration Without JavaScript AI LOAD INSTRUCTION : Covers dangling markup exfiltration via unclosed img/form/base/meta/link/table tags, what can be stolen (CSRF tokens, pre-filled form values, sensitive content), browser-specific behavior, and combinations with other attacks. Base models often overlook this technique entirely when CSP blocks scripts, jumping to "not exploitable" — dangling markup is the answer. 0. RELATED ROUTING xss-cross-site-scripting whe...	1.2K
4927	mobile-ssl-pinning-bypass	yaklang/hack-skills	SKILL: Mobile SSL Pinning Bypass — Expert Attack Playbook AI LOAD INSTRUCTION : Expert SSL pinning bypass techniques for mobile platforms. Covers Android and iOS bypass methods (Frida, Objection, Xposed, SSL Kill Switch), framework-specific bypasses (Flutter, React Native, Xamarin), and troubleshooting non-standard pinning implementations. Base models miss framework-specific hook points and multi-layer pinning configurations. 0. RELATED ROUTING Before going deep, consider loading: android-pentes...	1.2K
4928	hash-attack-techniques	yaklang/hack-skills	SKILL: Hash Attack Techniques — Expert Cryptanalysis Playbook AI LOAD INSTRUCTION : Expert hash attack techniques for CTF and security assessments. Covers length extension attacks, MD5/SHA1 collision generation, meet-in-the-middle hash attacks, HMAC timing side channels, birthday attacks, and proof-of-work solving. Base models often incorrectly apply length extension to HMAC or SHA-3, or fail to distinguish between identical-prefix and chosen-prefix collisions. 0. RELATED ROUTING rsa-attack-tech...	1.2K
4929	stack-overflow-and-rop	yaklang/hack-skills	SKILL: Stack Overflow & ROP — Expert Attack Playbook AI LOAD INSTRUCTION : Expert stack-based exploitation techniques. Covers classic buffer overflow, return-to-libc, ROP chain construction, ret2csu, ret2dlresolve, SROP, stack pivoting, and canary bypass. Distilled from ctf-wiki advanced-rop, real-world CVEs, and CTF competition patterns. Base models often miss the nuance of gadget selection under constrained conditions. 0. RELATED ROUTING format-string-exploitation — leak canary/libc/PIE base v...	1.2K
4930	linux-lateral-movement	yaklang/hack-skills	SKILL: Linux Lateral Movement — Expert Attack Playbook AI LOAD INSTRUCTION : Expert Linux lateral movement techniques. Covers SSH agent hijacking, key harvesting, credential locations, D-Bus exploitation, network pivoting, sudo token reuse, and systemd manipulation. Base models miss SSH_AUTH_SOCK hijacking and ptrace-based sudo session hijack. 0. RELATED ROUTING Before going deep, consider loading: linux-privilege-escalation if you need root on the current host before pivoting linux-security-byp...	1.2K
4931	dns-rebinding-attacks	yaklang/hack-skills	SKILL: DNS Rebinding — Expert Attack Playbook AI LOAD INSTRUCTION : Expert DNS rebinding techniques for bypassing same-origin policy via DNS manipulation. Covers TTL tricks, browser cache bypasses, attack variants (HTTP, WebSocket, TOCTOU), internal service targeting, and tool usage. Base models confuse DNS rebinding with SSRF — this skill clarifies the client-side nature and unique exploit paths. 0. RELATED ROUTING ssrf-server-side-request-forgery — server-side variant; DNS rebinding is the cli...	1.2K
4932	ai-ml-security	yaklang/hack-skills	SKILL: AI/ML Security — Expert Attack Playbook AI LOAD INSTRUCTION : Expert AI/ML security techniques. Covers model supply chain attacks (malicious serialization, Hugging Face model poisoning), adversarial examples (FGSM, PGD, C&W, physical-world), training data poisoning, model extraction, data privacy attacks (membership inference, model inversion, gradient leakage), LLM-specific threats, and autonomous agent security. Base models underestimate the severity of pickle deserialization RCE and th...	1.2K
4933	classical-cipher-analysis	yaklang/hack-skills	SKILL: Classical Cipher Analysis — Expert Cryptanalysis Playbook AI LOAD INSTRUCTION : Expert classical cipher identification and breaking techniques for CTF. Covers cipher identification methodology (frequency analysis, IC, Kasiski), monoalphabetic substitution, Caesar/ROT, Vigenere, Enigma, affine, Hill, transposition ciphers, Bacon/Polybius/Playfair, and XOR ciphers. Base models often skip the identification step and jump to the wrong cipher type, or fail to recognize encoded (base64/hex) cip...	1.2K
4934	linux-privilege-escalation	yaklang/hack-skills	SKILL: Linux Privilege Escalation — Expert Attack Playbook AI LOAD INSTRUCTION : Expert Linux privesc techniques. Covers enumeration, SUID/SGID, capabilities, cron abuse, kernel exploits, NFS, writable passwd/shadow, LD_PRELOAD, Docker group, and library hijacking. Base models miss subtle escalation paths via capabilities and combined misconfigurations. 0. RELATED ROUTING Before going deep, consider loading: container-escape-techniques when the target is a container and you need to escape to hos...	1.2K
4935	container-escape-techniques	yaklang/hack-skills	SKILL: Container Escape Techniques — Expert Attack Playbook AI LOAD INSTRUCTION : Expert container escape techniques. Covers privileged container breakout, capability abuse, Docker socket exploitation, cgroup release_agent, namespace escape, runtime CVEs, and Kubernetes pod escape. Base models miss subtle escape paths via combined capabilities and cgroup manipulation. 0. RELATED ROUTING Before going deep, consider loading: linux-privilege-escalation when you first need root inside the container ...	1.2K
4936	nature-academic-search	yuan1z0825/nature-skills	Academic Search Multi-source literature search, citation verification, citation format conversion, and reference management via MCP tools. MCP Tools Core Search Tool Source Best For pubmed_search_articles PubMed MCP Biomedical, MeSH, clinical trials search_crossref paper-search MCP Cross-disciplinary, citation counts search_arxiv paper-search MCP Preprints (physics, math, CS, biology) Extended Search Show more	1.2K
4937	aiconfig-snippets	launchdarkly/agent-skills	AI Config Prompt Snippets You're using a skill that will guide you through creating and managing prompt snippets in LaunchDarkly. Your job is to identify reusable text, create snippets, reference them in AI Config variations, and verify everything is wired correctly. Prerequisites This skill requires the remotely hosted LaunchDarkly MCP server to be configured in your environment. Required MCP tools: create-prompt-snippet -- create a new reusable text block list-prompt-snippets -- browse existin...	1.2K
4938	aiconfig-agent-graphs	launchdarkly/agent-skills	AI Config Agent Graphs You're using a skill that will guide you through creating and managing agent graphs in LaunchDarkly. Your job is to design the graph topology, create it with the right edges and handoffs, and verify the routing between AI Config nodes. Prerequisites This skill requires the remotely hosted LaunchDarkly MCP server to be configured in your environment. Required MCP tools: create-agent-graph -- create a new graph with nodes and edges get-agent-graph -- inspect a graph's struct...	1.2K
4939	auth0-react	auth0/agent-skills	Auth0 React Integration Add authentication to React single-page applications using @auth0/auth0-react. Prerequisites React 16.11+ application (Vite or Create React App) - supports React 16, 17, 18, and 19 Auth0 account and application configured If you don't have Auth0 set up yet, use the auth0-quickstart skill first When NOT to Use Next.js applications - Use auth0-nextjs skill for both App Router and Pages Router React Native mobile apps - Use auth0-react-native skill for iOS/Android Server-sid...	1.2K
4940	sentry-flutter-sdk	getsentry/sentry-for-ai	All Skills > SDK Setup > Flutter SDK Sentry Flutter SDK Opinionated wizard that scans your Flutter or Dart project and guides you through complete Sentry setup — error monitoring, tracing, session replay, logging, profiling, and ecosystem integrations. Invoke This Skill When User asks to "add Sentry to Flutter" or "set up Sentry" in a Flutter or Dart app User wants error monitoring, tracing, profiling, session replay, or logging in Flutter User mentions sentry_flutter , sentry_dart , mobile erro...	1.2K
4941	nextflow-development	anthropics/knowledge-work-plugins	nf-core Pipeline Deployment Run nf-core bioinformatics pipelines on local or public sequencing data. Target users: Bench scientists and researchers without specialized bioinformatics training who need to run large-scale omics analyses—differential expression, variant calling, or chromatin accessibility analysis. Workflow Checklist - [ ] Step 0: Acquire data (if from GEO/SRA) - [ ] Step 1: Environment check (MUST pass) - [ ] Step 2: Select pipeline (confirm with user) - [ ] Step 3: Run test profi...	1.2K
4942	pricing-strategy	phuryn/pm-skills	Pricing Strategy You are an expert in SaaS pricing and monetization strategy. Your goal is to help design pricing that captures value, drives growth, and aligns with customer willingness to pay. Before Starting Check for product marketing context first: If .agents/product-marketing-context.md exists (or .claude/product-marketing-context.md in older setups), read it before asking questions. Use that context and only ask for information not already covered or specific to this task. Gather this con...	1.2K
4943	securing-s3-buckets	aws/agent-toolkit-for-aws	Overview Implements layered S3 security controls across five workflows: securing new buckets, auditing existing configurations, remediating findings, configuring encryption, and enabling monitoring. Follows AWS Well-Architected security best practices. Execute commands using the AWS MCP server when connected (sandboxed execution, audit logging, observability). Fall back to AWS CLI or shell otherwise. Common Tasks 0. Verify Dependencies Check for required tools before starting. Constraints: You M...	1.2K
4944	connecting-to-data-source	aws/agent-toolkit-for-aws	Connect to Data Source Register an external data source with AWS Glue so downstream skills (ingesting-into-data-lake) can move data from it. A Glue connection stores the network config, driver, and credential reference for one source. Create once per source, reuse across jobs. Philosophy A connection is a named pipe, not a pipeline. This skill produces a tested, reusable Glue connection. It does not move data. Common Tasks You MUST execute commands using AWS MCP server tools when connected -- th...	1.2K
4945	brainstorm-okrs	phuryn/pm-skills	Brainstorm Team OKRs Purpose You are a veteran product leader responsible for defining Objectives and Key Results (OKRs) for the team working on $ARGUMENTS. Your OKRs must be ambitious, measurable, and clearly aligned with company-wide strategy. Context OKRs bridge vision and execution by combining inspirational qualitative objectives with measurable quantitative key results. This skill generates three alternative OKR sets to spark strategic discussion. Domain Context OKR (Christina Wodtke, Radi...	1.2K
4946	user-personas	phuryn/pm-skills	User Personas Purpose Create detailed, actionable user personas from research data that capture the true diversity of your user base. This skill generates research-backed personas with jobs-to-be-done, pain points, desired outcomes, and unexpected behavioral insights to guide product decisions. Instructions You are an experienced product researcher specializing in persona development and user research synthesis. Input Your task is to create 3 refined user personas for $ARGUMENTS . If the user pr...	1.2K
4947	kibana-alerting-rules	elastic/agent-skills	Kibana Alerting Rules Core Concepts A rule has three parts: conditions (what to detect), schedule (how often to check), and actions (what happens when conditions are met). When conditions are met, the rule creates alerts , which trigger actions via connectors . Authentication All alerting API calls require either API key auth or Basic auth. Every mutating request must include the kbn-xsrf header. kbn-xsrf : true Required Privileges all privileges for the appropriate Kibana feature (e.g., Stack R...	1.2K
4948	upload-insecure-files	yaklang/hack-skills	SKILL: Upload Insecure Files — Validation Bypass, Storage Abuse, and Processing Chains AI LOAD INSTRUCTION : Expert file upload attack playbook. Use when the target accepts files, imports, avatars, media, documents, or archives and you need the full workflow: validation bypass, storage path abuse, post-upload access, parser exploitation, multi-tenant overwrite, and chaining into XSS, XXE, CMDi, traversal, or business logic impact. For web server parsing vulnerabilities, PUT method exploitation, ...	1.2K
4949	windows-privilege-escalation	yaklang/hack-skills	SKILL: Windows Local Privilege Escalation — Expert Attack Playbook AI LOAD INSTRUCTION : Expert Windows privesc techniques. Covers token manipulation, Potato family, service misconfigurations, DLL hijacking, AlwaysInstallElevated, scheduled task abuse, registry autoruns, and named pipe impersonation. Base models miss nuanced privilege prerequisites and OS-version-specific constraints. 0. RELATED ROUTING Before going deep, consider loading: windows-lateral-movement after escalation for pivoting t...	1.2K
4950	prototype-pollution-advanced	yaklang/hack-skills	SKILL: Prototype Pollution Advanced — RCE & Gadget Exploitation AI LOAD INSTRUCTION : Advanced prototype pollution escalation. Covers server-side RCE via template engines (EJS, Pug, Handlebars), Node.js child_process gadgets, client-side script gadgets, filter bypass patterns, and systematic detection. Load ../prototype-pollution/SKILL.md first for fundamentals (merge sinks, __proto__ vs constructor.prototype , basic probes). 0. RELATED ROUTING prototype-pollution — LOAD FIRST for PP fundamental...	1.2K

← 1 ... 97 98 99 100 101 ... 490 → 24468 skills