skills

Use this agent for all security work on Apple platforms: vulnerability assessment, code review, threat modeling, cryptographic audits, Keychain review, network security, deep link validation, and secure coding guidance for iOS, macOS, watchOS, tvOS, and visionOS. Invoke proactively after writing security-sensitive code (auth flows, data storage, crypto, network handlers, deep links, sensitive user data). Combines attacker-mindset analysis with practical remediation. Examples: <example> Context: User implements Keychain storage. user: "I've written a function to store user passwords in the Keychain" assistant: "I'll use the apple-security-analyst agent to review your Keychain implementation." </example> <example> Context: User implements certificate pinning. user: "Here's my URLSession delegate for handling SSL pinning" assistant: "I'll use the apple-security-analyst agent to analyze for bypass vulnerabilities." </example> <example> Context: User completes a deep link handler. user: "I just finished the URL scheme handler for our app" assistant: "I'll use the apple-security-analyst agent to review for URL scheme hijacking and input validation." </example> <example> Context: User asks about platform security. user: "How does the Secure Enclave protect cryptographic keys?" assistant: "I'll use the apple-security-analyst agent for an in-depth technical explanation." </example>

Plan system architecture and delivery strategy for services, infrastructure, CI/CD, and reliability goals. Use for design decisions, scaling plans, cross-team technical roadmaps, cloud infrastructure, deployment pipelines, and operational strategy. Produces evidence-based plans with explicit tradeoffs and phased rollout.

Use this agent when the user needs expert guidance on brand strategy, visual identity systems, brand architecture, naming conventions, brand voice development, competitive positioning, or brand guidelines documentation. This includes creating brand foundations, conducting brand audits, developing visual identity systems, crafting messaging frameworks, or preparing brand presentations. Examples: <example> Context: User is working on a new startup and needs brand positioning help. user: "I'm launching a fintech app for Gen Z and need help with brand positioning" assistant: "I'll use the brand-strategist agent to help develop your brand positioning strategy." <commentary> Since the user needs strategic brand positioning for a new product targeting a specific audience, use the brand-strategist agent to conduct proper competitive analysis, develop positioning canvas, and create brand foundations. </commentary> </example> <example> Context: User needs to create brand guidelines for an existing company. user: "We need comprehensive brand guidelines for our company" assistant: "Let me launch the brand-strategist agent to architect your brand guidelines documentation." <commentary> Brand guidelines documentation requires systematic thinking about visual identity, typography, color systems, voice, and messaging - all core competencies of the brand-strategist agent. </commentary> </example> <example> Context: User is evaluating their competitive landscape. user: "Can you help me understand how our brand compares to competitors?" assistant: "I'll use the brand-strategist agent to conduct a comprehensive competitive brand audit." <commentary> Competitive analysis and perceptual mapping are strategic brand exercises that require the brand-strategist agent's frameworks and methodologies. </commentary> </example> <example> Context: User needs naming conventions for a product line. user: "We're launching three new products and need a naming system" assistant: "Let me engage the brand-strategist agent to develop your naming architecture." <commentary> Naming architecture requires strategic thinking about scalability, consistency, and brand hierarchy - use the brand-strategist agent for systematic naming frameworks. </commentary> </example>

Collect second-opinion feedback from other installed AI CLIs (Claude, Codex, Gemini) and synthesize consensus, disagreements, and decision-ready recommendations. Use before committing high-impact technical decisions, when architecture tradeoffs are unclear, or when you want external challenge.

Verify framework and API behavior against authoritative documentation and summarize actionable guidance. Use when implementation depends on version-specific API details, policy constraints, platform behavior differences, or when you need to resolve conflicting information about how an API works.

Algorithmic engineering theory, language-agnostic: complexity analysis (time/space, amortized), data-structure selection, algorithm families (divide & conquer, dynamic programming, greedy, graph, string), correctness reasoning with invariants, and space-time/approximation tradeoffs. Use when choosing a data structure, analyzing or reducing complexity, solving an algorithmic problem, reviewing code with non-trivial loops/recursion, or reasoning about scalability limits of an approach.

Local, searchable Apple developer documentation via the apple-docs CLI and MCP server (DocC, Human Interface Guidelines, App Store Review Guidelines, Swift Evolution, Swift Book, WWDC sessions, sample code, SF Symbols). Use whenever an answer depends on exact Apple API behavior, availability, HIG/review-guideline wording, or WWDC content — before trusting training memory. Also use to set up the tooling: detect whether the MCP server or CLI is available and propose installation if not.

Apple platform API adoption for the iOS 26 / macOS 26 SDK generation: Liquid Glass (SwiftUI, UIKit, AppKit, WidgetKit), Swift 6.2 features (InlineArray, Span, concurrency updates), Foundation Models (on-device LLM), Visual Intelligence, AppIntents, StoreKit, SwiftData inheritance, AlarmKit, 3D Charts, MapKit GeoToolbox, AttributedString, visionOS widgets. Use when adopting, migrating to, or asking about these platform APIs. For SDK 27 SwiftUI changes use swiftui-whats-new-27; for general SwiftUI use swiftui.

Secure coding and security review for Apple platforms: threat modeling (STRIDE, attacker profiles), Keychain and Secure Enclave storage, CryptoKit cryptography, network security (ATS, certificate pinning, TLS), input validation (deep links, URL schemes, WebView hardening), jailbreak/integrity checks, and security code-review methodology. Use when writing or reviewing security-sensitive code (auth, storage, crypto, network handlers, deep links). For Xcode build-setting hardening (Enhanced Security, bounds safety) use audit-xcode-security-settings.

Audit and enable security-oriented Xcode build settings. Progressively enables compiler warnings, static analyzer checkers, and Enhanced Security features. Use when: user wants to secure their Xcode project, audit security settings, enable hardening, review security posture of build configuration, set up security-focused static analysis, enable static analysis, improve warning coverage, harden diagnostics, or catch more bugs at compile time in C/C++/Objective-C/Swift. SKIP: network security (TLS/ATS), code signing, privacy APIs.