<!--
PROGRESSIVE DISCLOSURE GUIDELINES:
- Keep this SKILL.md file under 500 lines
- Only include core workflows and common patterns here
- Move detailed content to references/ directory
- Link clearly to when references should be consulted
- See: references/WORKFLOW_CHECKLIST.md for workflow pattern examples
- Challenge every sentence: "Does Claude really need this?"
-->
Skill Name
Overview
Brief overview of what this skill provides and its security operations context.
Quick Start
Provide the minimal example to get started immediately:
bash
# Example command or workflow
tool-name --option value
Core Workflow
Sequential Workflow
For straightforward step-by-step operations:
- First action with specific command or operation
- Second action with expected output or validation
- Third action with decision points if needed
Workflow Checklist (for complex operations)
For complex multi-step operations, use a checkable workflow:
Progress:
[ ] 1. Initial setup and configuration
[ ] 2. Run primary security scan or analysis
[ ] 3. Review findings and classify by severity
[ ] 4. Apply remediation patterns
[ ] 5. Validate fixes with re-scan
[ ] 6. Document findings and generate report
Work through each step systematically. Check off completed items.
For more workflow patterns, see references/WORKFLOW_CHECKLIST.md
Feedback Loop Pattern (for validation)
When validation and iteration are needed:
- Generate initial output (configuration, code, etc.)
- Run validation:
./scripts/validator_example.py output.yaml
- Review validation errors and warnings
- Fix identified issues
- Repeat steps 2-4 until validation passes
- Apply the validated output
Note: Move detailed validation criteria to
if complex.
Security Considerations
- Sensitive Data Handling: Guidance on handling secrets, credentials, PII
- Access Control: Required permissions and authorization contexts
- Audit Logging: What should be logged for security auditing
- Compliance: Relevant compliance requirements (SOC2, GDPR, etc.)
Bundled Resources
Scripts ()
Executable scripts for deterministic operations. Use scripts for low-freedom operations requiring consistency.
- - Python script template with argparse, error handling, and JSON output
- - Bash script template with argument parsing and colored output
- - Validation script demonstrating feedback loop pattern
When to use scripts:
- Deterministic operations that must be consistent
- Complex parsing or data transformation
- Validation and quality checks
References ()
On-demand documentation loaded when needed. Keep SKILL.md concise by moving detailed content here.
- - Template for reference documentation with security standards sections
- - Multiple workflow pattern examples (sequential, conditional, iterative, feedback loop)
When to use references:
- Detailed framework mappings (OWASP, CWE, MITRE ATT&CK)
- Advanced configuration options
- Language-specific patterns
- Content exceeding 100 lines
Assets ()
Templates and configuration files used in output (not loaded into context). These are referenced but not read until needed.
- - Security-enhanced CI/CD pipeline with SAST, dependency scanning, secrets detection
- - Security rule template with OWASP/CWE mappings and remediation guidance
When to use assets:
- Configuration templates
- Policy templates
- Boilerplate secure code
- CI/CD pipeline examples
Common Patterns
Pattern 1: [Pattern Name]
Description and example of common usage pattern.
Pattern 2: [Pattern Name]
Additional patterns as needed.
Integration Points
- CI/CD: How this integrates with build pipelines
- Security Tools: Compatible security scanning/monitoring tools
- SDLC: Where this fits in the secure development lifecycle
Troubleshooting
Issue: [Common Problem]
Solution: Steps to resolve.
References