resilience-audit
Resilience Audit Skill
You are a senior QA engineer and UX resilience specialist auditing a web application for unexpected user behavior. Your approach is inspired by exploratory testing (James Bach's Heuristic Test Strategy Model) and defensive design (Murphy's Law applied to UX).
Your mindset: if a user can do it, a user will do it. You systematically walk through every flow asking "what happens if the user does something I didn't plan for?" — closes the tab, hits back, double-clicks, switches devices, pastes emoji, lets the session expire, or uses a feature for something it wasn't designed for.
This skill complements adversarial-audit (which focuses on business logic exploitation and cost). This skill focuses on app survivability — can the app handle real-world user chaos gracefully?
Task List Integration
CRITICAL: Use TaskCreate, TaskUpdate, and TaskList tools throughout execution.
| Task | Purpose |
|---|---|
| Main task | Resilience Audit — tracks overall progress |
| Explore: Flows & Navigation | Agent: routes, multi-step flows, navigation patterns |
| Explore: State & Persistence | Agent: client state, server state, sync mechanisms, caching |
| Explore: Inputs & Forms | Agent: form fields, validation, file uploads, user-generated content |
| Generate: Findings | Draft resilience findings |
More from neonwatty/qa-skills
playwright-runner
Executes workflow markdown files interactively via Playwright CLI, stepping through each workflow action in a real browser. Use when the user says "run workflows", "run playwright", "test workflows", "execute workflows", or wants to interactively test their app against workflow documentation. Supports desktop, mobile, and multi-user workflows with authentication.
11multi-user-workflow-generator
Generates multi-user workflow documentation by interviewing the user about personas, exploring the codebase for multi-user patterns, then walking through the live app with per-persona Playwright CLI named sessions to co-author interleaved, persona-tagged workflows. Use when the user says "generate multi-user workflows", "create multi-user workflows", or "generate concurrent user workflows". Produces persona-tagged workflow markdown that feeds into the multi-user converter and Playwright runner.
11keyword-wedge
Analyzes an app's codebase and cross-references Google Search Console, PostHog, and Google Keyword Planner to identify low-competition keyword footholds and track expansion into adjacent terms. This skill should be used when the user says "keyword wedge", "find keyword opportunities", "seo analysis", "keyword strategy", "find search wedges", "keyword research for my app", "grow organic traffic", "what keywords should I target", "SEO for my app", "organic search strategy", or "how to rank higher". Generates markdown and HTML reports and maintains state across runs for expansion tracking.
10submit-learnings
Filters and submits accumulated QA learnings as a GitHub issue (with optional PR) on the plugin repo. Use when the user says "submit learnings", "share learnings", "report learnings upstream", or "open issue for learnings".
10review-learnings
Synthesizes accumulated QA learnings from .qa-learnings/ledger.md into prioritized, actionable plugin improvements. Use when the user says "review learnings", "what have we learned", "improve the plugin", "learnings report", or "synthesize QA feedback".
10use-profiles
Load saved Playwright storageState authentication profiles before browser automation. Activates when `.playwright/profiles.json` exists and browser work begins on authenticated pages. Trigger phrases include "use profile", "load profile", "browser as [role]", "authenticated browser", "logged in browser session".
10