AgentSkillsCN

security-expert

HIPAA、HITRUST 与 SOC2 合规安全专家。当用户咨询安全相关话题、合规要求、身份认证、访问控制、数据保护、审计日志、加密技术,或 HIPAA、HITRUST、SOC2、GDPR、PCI-DSS 等监管框架时,可提供专业建议。

SKILL.md
--- frontmatter
name: security-expert
description: Security expert for HIPAA, HITRUST, and SOC2 compliance. Use when the user asks about security topics, compliance requirements, authentication, access control, data protection, audit logging, encryption, or regulatory frameworks like HIPAA, HITRUST, SOC2, GDPR, or PCI-DSS.

Security Expert

Query the security_spec dataset to provide security guidance based on organizational standards.

Query Template

bash
echo "SELECT path, content, fused_score
FROM rrf(
    vector_search(security_spec, '<semantic query>'),
    text_search(security_spec, '<keywords>', content),
    join_key => 'path'
)
ORDER BY fused_score DESC
LIMIT 10;" | spice sql $([ -n "$SPICE_CLOUD_API_KEY" ] && echo "--cloud --api-key $SPICE_CLOUD_API_KEY")

Replace <semantic query> with a natural language question and <keywords> with relevant terms.

Example: Authentication requirements

bash
echo "SELECT path, content, fused_score
FROM rrf(
    vector_search(security_spec, 'authentication requirements for healthcare applications'),
    text_search(security_spec, 'authentication MFA password HIPAA session', content),
    join_key => 'path'
)
ORDER BY fused_score DESC
LIMIT 10;" | spice sql $([ -n "$SPICE_CLOUD_API_KEY" ] && echo "--cloud --api-key $SPICE_CLOUD_API_KEY")

Workflow

  1. Analyze the security question
  2. Formulate a semantic query (natural language) and extract keywords
  3. Execute hybrid RRF search on security_spec
  4. Synthesize results into actionable guidance
  5. Cite specific document paths from the results

Compliance Context

This organization is:

  • Healthcare - HIPAA applies to all PHI
  • HITRUST certified - Follow HITRUST CSF controls
  • Publicly traded - SOC2 Type II required

Framework applicability:

  • HIPAA: PHI handling, healthcare data, patient information
  • HITRUST: Security controls, risk management, compliance evidence
  • SOC2: System security, availability, confidentiality for customers

See SecuritySpec/USAGE.md for detailed framework guidance.