{"id":"cc1c3b6a-60d5-46e7-8691-5d6723bfe067","shortId":"fcVe6F","kind":"skill","title":"security-bluebook-builder","tagline":"Build a minimal but real security policy for sensitive apps. The output is a single, coherent Blue Book document using MUST/SHOULD/CAN language, with explicit assumptions, scope, and security gates.","description":"# Security Bluebook Builder\n\n## When to Use\n- You need a concise but enforceable security policy for an app handling sensitive data.\n- You want a single Blue Book document with explicit assumptions, controls, and go/no-go gates.\n- The user needs policy guidance grounded in scope, threat model, and operational security defaults rather than generic advice.\n\n## Overview\nBuild a minimal but real security policy for sensitive apps. The output is a single, coherent Blue Book document using MUST/SHOULD/CAN language, with explicit assumptions, scope, and security gates.\n\n## Workflow\n\n### 1) Gather inputs (ask only if missing)\nCollect just enough context to fill the template. If the user has not provided details, ask up to 6 short questions:\n- What data classes are handled (PII, PHI, financial, tokens, content)?\n- What are the trust boundaries (client/server/third parties)?\n- How do users authenticate (OAuth, email/password, SSO, device sessions)?\n- What storage is used (DB, object storage, logs, analytics)?\n- What connectors or third parties are used?\n- Retention and deletion expectations (default + user-initiated)?\n\nIf the user cannot answer, proceed with safe defaults and mark TODOs.\n\n### 2) Draft the Blue Book\nLoad `references/bluebook_template.md` and fill it with the provided details. 
Keep it concise, deterministic, and enforceable.\n\n### 3) Enforce guardrails\n- Do not include secrets, tokens, or internal credentials.\n- If something is unknown, write \"TODO\" plus a clear assumption.\n- Fail closed: if a capability is required but unavailable, call it out explicitly.\n- Keep scope minimal; do not add features or tools beyond what the user asked for.\n\n### 4) Quality checks\nConfirm the Blue Book includes:\n- Threat model (assumptions + out-of-scope)\n- Data classification + handling rules\n- Trust boundaries + controls\n- Auth/session policy\n- Token handling policy\n- Logging/audit policy\n- Retention/deletion\n- Incident response mini-runbook\n- Security gates + go/no-go checklist\n\n## Resources\n- `references/bluebook_template.md`\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["security","bluebook","builder","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding"],"capabilities":["skill","source-sickn33","skill-security-bluebook-builder","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/security-bluebook-builder","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add 
sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34583 github stars · SKILL.md body (2,367 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T18:52:12.176Z","embedding":null,"createdAt":"2026-04-18T21:44:04.558Z","updatedAt":"2026-04-22T18:52:12.176Z","lastSeenAt":"2026-04-22T18:52:12.176Z",
"prices":[{"id":"0292df03-c001-4e98-b6e6-c7240f745f5d","listingId":"cc1c3b6a-60d5-46e7-8691-5d6723bfe067","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:44:04.558Z"}],"sources":[{"listingId":"cc1c3b6a-60d5-46e7-8691-5d6723bfe067","source":"github","sourceId":"sickn33/antigravity-awesome-skills/security-bluebook-builder","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/security-bluebook-builder","isPrimary":false,"firstSeenAt":"2026-04-18T21:44:04.558Z","lastSeenAt":"2026-04-22T18:52:12.176Z"}],"details":{"listingId":"cc1c3b6a-60d5-46e7-8691-5d6723bfe067","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"security-bluebook-builder","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34583,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-22T06:40:00Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. 
Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"92009c0d4a20f8f47f6d6bfe8aa8ed23aef4a95c","skill_md_path":"skills/security-bluebook-builder/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/security-bluebook-builder"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"security-bluebook-builder","description":"Build a minimal but real security policy for sensitive apps. The output is a single, coherent Blue Book document using MUST/SHOULD/CAN language, with explicit assumptions, scope, and security gates."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/security-bluebook-builder"},"updatedAt":"2026-04-22T18:52:12.176Z"}}