qa-skills

Discover all screens, confirm the manifest with the user, then dispatch QA agents to every screen

Create or refresh Playwright authentication profiles for the current project

Actively tries to break the app — wrong inputs, unexpected sequences, auth bypasses, race conditions, state corruption. Finds edge cases and vulnerabilities.

Comprehensive mobile UX audit at 393x852 viewport covering iOS native feel, touch targets, Safari quirks, mobile typography, form UX, gestures, and animation quality. Applies 10-category rubric with 56 quantifiable checks and produces binary scorecard for before/after comparison.

Measures runtime Web Vitals (LCP, CLS, INP, FCP, TTFB, TBT), DOM health, resource loading, and static code anti-patterns for Next.js apps. Report-only — produces per-route metrics table, binary scorecard, and prioritized findings. No fixes applied.

Systematic security posture audit against OWASP Top 10. Measures 83 checks across 10 categories via browser inspection and code scanning. Produces weighted binary scorecard (X/83) with per-category grades. Report-only — no fixes applied.

Quick functional check of app workflows via Playwright. Walks through steps, verifies each passes, produces pass/fail report.

Audits SaaS and usage-based web apps for adversarial usage patterns — accidental, opportunistic, and deliberate. Use this when the user says "adversarial audit", "abuse case audit", "idiot-proof this app", "find usage exploits", "business logic audit", or "how could users break this". Explores the codebase to map the economic surface area (pricing tiers, usage limits, free trials, costly resources), then generates abuse cases where user behavior — intentional or not — could break assumptions, bypass limits, amplify costs, or corrupt state. Produces a prioritized markdown report with findings, code locations, and fix recommendations, then optionally verifies findings interactively in a browser.

Generates desktop browser workflow documentation by exploring the app's codebase, then walking through the live app with the user step-by-step via Playwright to co-author verifications. Use when the user says "generate desktop workflows", "create desktop workflows", "update desktop workflows", or "generate browser workflows".

Converts desktop workflow markdown into a self-contained Playwright test project with authentication scaffolding and CI workflow. Use when the user says "convert desktop workflows to playwright", "translate desktop workflows to CI", "generate desktop playwright tests", or wants to promote desktop workflows to automated CI tests.

Analyzes an app's codebase and cross-references Google Search Console, PostHog, and Google Keyword Planner to identify low-competition keyword footholds and track expansion into adjacent terms. This skill should be used when the user says "keyword wedge", "find keyword opportunities", "seo analysis", "keyword strategy", "find search wedges", "keyword research for my app", "grow organic traffic", "what keywords should I target", "SEO for my app", "organic search strategy", or "how to rank higher". Generates markdown and HTML reports and maintains state across runs for expansion tracking.

Generates mobile browser workflow documentation by exploring the app's codebase, then walking through the live app with the user step-by-step via Playwright in a mobile viewport (393x852) to co-author verifications. Use when the user says "generate mobile workflows", "create mobile workflows", "update mobile workflows", or "generate mobile browser workflows". Produces numbered workflow markdown files that feed into the mobile converter and Playwright runner. Includes iOS HIG awareness and mobile UX anti-pattern detection.