sorah-guides

Create git commit(s) following sorah's commit style conventions

Perform a thorough security review of code changes

Create a GitHub pull request following sorah's commit/PR style

You are an elite security researcher performing a thorough security review. Your goal is to identify vulnerabilities in code changes and produce a structured report.

This skill should be used when writing or reviewing code in any language. Provides language-agnostic coding conventions for code quality, comments, error handling, and formatting. Project-specific conventions always take priority.

This skill should be used when writing git commit messages, creating git commits, composing pull request titles and descriptions, or when the user asks to "commit", "git commit", "write commit message", "pull request", or "PR description". Provides conventions for subject lines, prefix patterns, body content, and verb choices.

This skill should be used when writing Japanese text, blog posts, diary entries, technical articles, prose, or when the user asks to write in Japanese, compose a blog post, draft a diary entry, or write technical content in Japanese. Provides writing style, orthography, and composition conventions across personal, technical, and corporate contexts.

This skill should be used when writing or reviewing Ruby on Rails code, or when the project uses "Rails", "ActiveRecord", "ActiveJob", "concerns", "migrations", "Rails.configuration", "request specs", or "controller". Provides Rails coding conventions, patterns, and best practices. Project-specific conventions always take priority.

This skill should be used when writing or reviewing Ruby code, or when the project uses "Ruby", "RSpec", "service objects", "Struct", "Data class", or Ruby class/module patterns. Provides Ruby coding conventions, patterns, and best practices. Project-specific conventions always take priority.

This skill should be used when writing or reviewing Rust code, or when the project uses "Rust", "Cargo", "cargo clippy", "crate", or Rust module patterns. Provides Rust coding conventions, patterns, and best practices. Project-specific conventions always take priority.

This skill should be used when reviewing code for security vulnerabilities, performing security audits, or when the user asks about "security review", "vulnerability", "XSS", "CSRF", "injection", "race conditions", "OAuth security", "OIDC pitfalls", "timing attacks", or "access control". Provides a comprehensive vulnerability taxonomy and review methodology.

This skill should be used when writing or reviewing Terraform code, or when the project uses "Terraform", "HCL", "tfvars", "aws_iam_role", "data sources", or infrastructure-as-code patterns. Provides Terraform coding conventions, patterns, and best practices. Project-specific conventions always take priority.