fix: Testing & Security skills cleanup

[markusha77]

fix: Testing & Security skills cleanup

[greptile-apps]

Greptile Summary

This PR performs a significant cleanup of the Testing & Security skills category: 36 hollow placeholder stubs (each containing only auto-generated boilerplate) are deleted, while 18 skills are meaningfully rewritten with structured, actionable content including frontmatter examples, detailed review areas, output expectations, and common-mistake sections.

What changed:

• 36 skills deleted — all were identical in structure, containing only \"Brief plan or checklist\" and \"Key recommendations and caveats\" as their entire body. Removing them reduces noise and improves overall category quality.
• 18 skills updated — descriptions, examples frontmatter, and substantive instruction bodies were added for skills like backend-security-coder, property-based-testing, broken-authentication-testing, vulnerability-scanner, write-unit-tests, writing-bundler-tests, and others. The quality of the updated content is consistently good.
• The PR description checklist is entirely unchecked — none of the contribution checklist items are ticked (valid YAML, tested with agent, usage examples, etc.). While the changes look correct on inspection, contributors are expected to self-verify against this checklist before requesting review.
• Two updated skills (performing-security-audits and container-security-auditor) retain author and version frontmatter fields absent from all other updated files — minor inconsistency worth cleaning up.
• Several genuinely useful topics (golang-testing, test-driven-development, vitest, gdpr-data-handling, mtls-configuration) are deleted as stubs with no replacement, leaving gaps that follow-up PRs could fill.

Confidence Score: 5/5

Safe to merge — all changes are documentation/content files with no executable logic, and the substantive updates are well-structured.

No P0 or P1 issues found. The deletions correctly remove zero-value placeholder content. The rewrites add clear, useful guidance. The two remaining P2 notes (frontmatter inconsistency and deleted-topic gaps) are minor and do not block correctness or usability.

performing-security-audits/SKILL.md and container-security-auditor/SKILL.md have minor inconsistent frontmatter fields; no other files require special attention.

Important Files Changed

Filename	Overview
skills/Testing & Security/backend-security-coder/SKILL.md	Substantially rewritten from a 20-line placeholder to a well-structured, actionable skill with clear audit priorities, implementation lenses, and common mistakes.
skills/Testing & Security/property-based-testing/SKILL.md	Massively trimmed from ~450 lines of auto-generated boilerplate to a focused ~60-line skill covering core PBT concepts, property patterns, and common pitfalls.
skills/Testing & Security/performing-security-audits/SKILL.md	Rewritten with good security audit methodology, but contains orphaned author and version frontmatter fields inconsistent with all other updated skills in this PR.
skills/Testing & Security/container-security-auditor/SKILL.md	Well-structured container audit skill, but retains author and version frontmatter fields absent from all other updated skills in this PR.
skills/Testing & Security/write-unit-tests/SKILL.md	Rewritten from a useless stub to a thorough unit-test skill covering principles, isolation guidance, and common mistakes.
skills/Testing & Security/validating-api-contracts/SKILL.md	Prior version had implementation-detail-heavy Pact/OpenAPI examples; new version is a clean, tool-agnostic contract review skill that better serves the skill's stated purpose.
skills/Testing & Security/vulnerability-scanner/SKILL.md	Updated from placeholder to a well-structured triage skill covering exploitability prioritization and common remediation mistakes.
skills/Testing & Security/broken-authentication-testing/SKILL.md	Updated from a stub to a detailed authentication-testing skill covering session fixation, MFA bypass, token replay, and test design guidance.
skills/Testing & Security/writing-bundler-tests/SKILL.md	Rewritten from a stub to a specific skill covering bundler resolution, transforms, chunking, and sourcemap testing principles.
skills/Testing & Security/writing-dev-server-tests/SKILL.md	Rewritten from a stub to a focused dev-server testing skill addressing watch mode, HMR, middleware, and flakiness control.
skills/Testing & Security/golang-testing/SKILL.md	Deleted — was a 20-line placeholder stub; topic is not replaced in this PR, leaving a gap in Go testing coverage.
skills/Testing & Security/gdpr-data-handling/SKILL.md	Deleted — was a 20-line placeholder; topic (GDPR data handling) has no replacement in this PR.
skills/Testing & Security/agent-authentication/SKILL.md	Deleted — was a 20-line placeholder with no substantive guidance beyond "Brief plan or checklist".

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[54 SKILL.md files in PR] --> B{Content type?}
    B -->|20-line placeholder stub| C[36 files DELETED]
    B -->|Has substantive content| D[18 files UPDATED]

    D --> E[Security Skills\nbackend-security-coder\napi-security-best-practices\nbroken-authentication-testing\ncontainer-security-auditor\nperforming-security-audits\nvulnerability-scanner]
    D --> F[Testing Skills\nwrite-unit-tests\nproperty-based-testing\ncpp-testing\npython-testing\njavascript-testing-patterns\nfrontend-testing\nlibafl]
    D --> G[Tooling Skills\nvalidating-api-contracts\nwriting-bundler-tests\nwriting-dev-server-tests\nfrontend-code-review]

    E --> H[Added: examples frontmatter\nClarification section\nReview areas\nCommon mistakes\nBoundaries]
    F --> H
    G --> H

    C --> I[Topics with no replacement:\ngolang-testing, TDD, vitest\ngdpr-data-handling, mtls-configuration]

Loading

Comments Outside Diff (1)

1. skills/Testing & Security/golang-testing/SKILL.md

   Notable topic gaps left by deletions

   36 skills are removed in this PR, all of which were empty stubs — that cleanup is clearly correct. However, several of the deleted topics are genuinely useful and have no replacement in this PR:

   • golang-testing — no Go testing skill remains
   • test-driven-development — TDD guidance removed entirely
   • vitest — Vitest-specific testing removed
   • gdpr-data-handling — GDPR handling removed
   • mtls-configuration — mTLS guidance removed
   • setup-web-tests — web test setup removed
   • swift-protocol-di-testing, temporal-python-testing, syncable-entity-testing — niche but specific topics removed

   Removing poor-quality stubs is the right call. This note is just to flag that follow-up PRs could add properly written skills for these topics if they are in scope for this category.

_{Reviews (1): Last reviewed commit: "fix: Testing & Security skills cleanup" | Re-trigger Greptile}