architecture-review-governance
Defines architecture principles, catches design problems before code is written, and detects drift as delivery proceeds. Use this skill whenever the user wants to: review a system design or architecture proposal, evaluate trade-offs between technical approaches (microservices vs monolith, sync vs async, edge vs cloud), identify architectural anti-patterns or hidden coupling, enforce service and component boundaries, review integration design or data flow, validate non-functional requirements, detect architecture drift, or self-review a design before presenting it to the team. Also trigger when the user asks "is this the right approach", "what are the trade-offs", or "does this architecture scale".
Repository SourceNeeds Review
data-governance-privacy
Activate when classifying data (PII, sensitive, internal, public), running a Privacy Impact Assessment (PIA/DPIA), defining retention or deletion policies, designing GDPR/CCPA compliance workflows, handling subject access requests (SAR) or right-to-erasure, evaluating cross-border data transfers (EU SCCs, adequacy decisions), scoping data minimisation, reviewing new third-party data sharing, or assessing EU AI Act Article 10/13 data transparency obligations for an ML/LLM feature that trains on user data. Use before a feature that collects, stores, shares, or trains on user data is shipped.
specification-driven-development
Governs contract-first and specification-driven development — defining interfaces, schemas, and workflows before implementation begins. Use this skill whenever the user wants to: write an OpenAPI 3.x specification, author a Protobuf or gRPC schema, define an AsyncAPI spec for event-driven interfaces, write a GraphQL schema, write a JSON Schema, review an API contract for completeness or correctness, detect breaking vs non-breaking changes, design a workflow or sequence before coding it, or validate that an implementation matches its contract. Also trigger for: "define the interface before coding", "API spec", "contract-first", "freeze the contract", "service contract", "define the schema", "sequence diagram", "API design", "contract review", "Protobuf", "AsyncAPI", "OpenAPI", "gRPC schema", "GraphQL schema", "schema-first GraphQL", "write the schema before resolvers", "GraphQL API design".
technical-risk-management
Identifies, rates, owns, and tracks technical and project risks. Use this skill whenever the user wants to: create or update a risk register, identify risks in a new design or delivery plan, rate a risk using probability and impact, design a mitigation strategy, track risk status, or define early warning indicators for specific risks. Also trigger when the user describes risk situations without naming them: "what could go wrong", "I'm worried about the timeline", "this dependency is outside our control", "technical risks", "delivery risk", "risk assessment", "risk mitigation", "risk tracking", "early warning".