{"id":"103f8fc1-5e22-46a2-848d-cb078ba85fb2","shortId":"TTC6Qz","kind":"skill","title":"incident-to-prompt","tagline":"Use this skill to convert a security incident or public vulnerability pattern into reusable audit prompts, checklists, tests, and AGENTS.md rules. Do not use it to generate exploit instructions.","description":"# incident-to-prompt\n\n## English\n\n### Purpose\n\nConvert incidents into durable review material.\n\n### Workflow\n\n1. Summarize the incident pattern.\n2. Identify affected domains.\n3. Map to code shapes.\n4. Generate checklist items.\n5. Generate prompt rules.\n6. Generate regression/fuzz/invariant test ideas.\n7. Generate AGENTS.md rule updates.\n8. Mark human-review requirements.\n\n### Safety rules\n\nDo not include exploit payloads beyond defensive reproduction summaries.\n\n### Canonical finding format\n\n```yaml\nid: F-001\nseverity: Critical | High | Medium | Low | Informational\nconfidence: High | Medium | Low\ncategory:\naffected_code:\nroot_cause:\nexploit_path:\npreconditions:\nimpact:\nevidence:\nminimal_fix:\nregression_test:\nauto_fix_suitability: Safe | Needs Human Review | Do Not Auto-Fix\nnotes:\n```\n\n### v0.6 operational guardrails\n\n- Keep the skill within its stated trigger conditions and the user's explicitly provided scope.\n- Preserve project safety boundaries: audit-only by default; do not execute exploits, do not auto-merge, do not upload private source code or secrets, and do not scan unrelated repositories without explicit user request.\n- Ask for explicit human approval before patching high-risk auth, IAM, governance, funds, terminal, or agent-tooling behavior.\n- Report validation performed, files changed, residual risk, and any skipped future-phase work when finished.\n\n## Chinese\n\n### Purpose\n\nUse this skill to turn security incidents into prompts and rule updates. It should help reviewers organize input boundaries, risk evidence, impact, fix recommendations, and regression tests into reviewable security output.\n\n### Trigger conditions\n\nApplies when converting a security incident, public vulnerability pattern, or internal postmortem into checklists, prompt rules, test ideas, and AGENTS.md rules. If a request goes beyond these boundaries, first explain the scope difference and choose a more suitable prompt, skill, 
or human review path.\n\n### Out of scope\n\nDo not use it to generate exploit instructions, attack payloads, production attack steps, or abusable bypass tutorials. Do not treat this skill as permission to automatically scan an entire repository, execute exploits, upload private source code or secrets, auto-commit, auto-push, or auto-merge.\n\n### Workflow\n\n1. Clarify the goal the user has given, the material that may be viewed, and the scope that must not be touched.\n2. Gather the necessary context, but read only the files, diffs, workflows, fixtures, or documents needed to complete the task.\n3. Identify trust boundaries, privileged operations, sensitive data, preconditions, and security impact.\n4. Report only findings backed by evidence; where context is missing, write a question or an assumption.\n5. Propose a minimal fix for each confirmed issue, and plan regression, fuzz, invariant, or review scenarios that would catch the same class of incident.\n6. When finished, report validation output, residual risk, and items that need human confirmation.\n\n### Safety rules\n\nAudit-only by default. Without explicit authorization, do not patch, commit, push, create PRs, or merge. Do not execute exploits, do not access production systems, and do not print secrets. Fixes that touch IAM, the authz model, funds, governance, terminal execution, or agent-tooling permissions must go through human review.\n\n### Output requirements\n\nUse the canonical finding format. Every finding must include severity, confidence, category, affected_code, root_cause, exploit_path, preconditions, impact, evidence, minimal_fix, regression_test, auto_fix_suitability, and notes.","tags":["incident","prompt","security","audit","playbook","edmund-xl","agent-skills","chatgpt","codex","devsecops","mcp","smart-contracts"],"capabilities":["skill","source-edmund-xl","skill-incident-to-prompt","topic-agent-skills","topic-audit","topic-chatgpt","topic-codex","topic-devsecops","topic-mcp","topic-security","topic-smart-contracts"],"categories":["ai-security-audit-playbook"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/edmund-xl/ai-security-audit-playbook/incident-to-prompt","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add edmund-xl/ai-security-audit-playbook","source_repo":"https://github.com/edmund-xl/ai-security-audit-playbook","install_from":"skills.sh"}},"qualityScore":"0.453","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 7 github stars · SKILL.md body (2,506 
chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:13:43.799Z","embedding":null,"createdAt":"2026-05-18T13:21:29.266Z","updatedAt":"2026-05-18T19:13:43.799Z","lastSeenAt":"2026-05-18T19:13:43.799Z","prices":[{"id":"d36bd15a-77da-4662-adc1-4742a71a8b83","listingId":"103f8fc1-5e22-46a2-848d-cb078ba85fb2","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"edmund-xl","category":"ai-security-audit-playbook","install_from":"skills.sh"},"createdAt":"2026-05-18T13:21:29.266Z"}],"sources":[{"listingId":"103f8fc1-5e22-46a2-848d-cb078ba85fb2","source":"github","sourceId":"edmund-xl/ai-security-audit-playbook/incident-to-prompt","sourceUrl":"https://github.com/edmund-xl/ai-security-audit-playbook/tree/main/skills/incident-to-prompt","isPrimary":false,"firstSeenAt":"2026-05-18T13:21:29.266Z","lastSeenAt":"2026-05-18T19:13:43.799Z"}],"details":{"listingId":"103f8fc1-5e22-46a2-848d-cb078ba85fb2","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"edmund-xl","slug":"incident-to-prompt","github":{"repo":"edmund-xl/ai-security-audit-playbook","stars":7,"topics":["agent-skills","audit","chatgpt","codex","devsecops","mcp","security","smart-contracts"],"license":"mit","html_url":"https://github.com/edmund-xl/ai-security-audit-playbook","pushed_at":"2026-05-13T02:30:26Z","description":"Local-first, audit-only security review playbook for AI coding agents: prompts, skills, read-only MCP, findings, and regression tests.","skill_md_sha":"4b9252e36326c6962c7a74b54dfd99784d5f5555","skill_md_path":"skills/incident-to-prompt/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/edmund-xl/ai-security-audit-playbook/tree/main/skills/incident-to-prompt"},"layout":"multi","source":"github","category":"ai-security-audit-playbook","frontmatter":{"name":"incident-to-prompt","description":"Use this skill to convert a security incident or public vulnerability pattern into reusable audit prompts, checklists, tests, and 
AGENTS.md rules. Do not use it to generate exploit instructions."},"skills_sh_url":"https://skills.sh/edmund-xl/ai-security-audit-playbook/incident-to-prompt"},"updatedAt":"2026-05-18T19:13:43.799Z"}}