AgentSkillsCN

security-incident-response

A specialized workflow for the detection-to-containment response process and evidence management. Use when security controls, abuse-path analysis, or vulnerability remediation are the central concern; never use for non-security quality optimization.

SKILL.md
---
name: security-incident-response
description: Specialized workflow for detection-to-containment response workflow and evidence handling. Use when security controls, abuse-path analysis, or vulnerability treatment are central; do not use for non-security quality optimization.
---

Security Incident Response

Trigger Boundary

  • Use when security controls, abuse paths, or compliance obligations must be defined.
  • Do not use for non-security product prioritization; use requirement or roadmap skills.
  • Do not use for purely aesthetic UI decisions.

Goal

Reduce exploitable risk with verifiable security controls.

Inputs

  • Change scope and risk profile
  • Domain evidence for detection-to-containment response workflow and evidence handling
  • Operational, compliance, and rollout constraints

Outputs

  • Incident response playbook and escalation matrix
  • Decision log for detection-to-containment response workflow and evidence handling
  • Verification checklist with measurable pass-fail criteria

Workflow

  1. Clarify the desired outcomes and hard constraints for the detection-to-containment response workflow and for evidence handling.
  2. Produce options and select an approach for the detection-to-containment response workflow and for evidence handling.
  3. Evaluate trade-offs across security, performance, operability, and maintainability.
  4. Verify decisions with a response drill that has timeline and communication checkpoints.
  5. Publish decisions, residual risks, and accountable follow-up actions.

Quality Gates

  • Scope and assumptions for the detection-to-containment response workflow and for evidence handling are explicit and reviewable.
  • Decision rationale is backed by evidence instead of preference.
  • Rollout and rollback criteria are defined when production impact exists.
  • Residual risks have owners, due dates, and verification steps.

Failure Handling

  • Stop when containment or communication responsibilities are undefined.
  • Escalate when accepted risk exceeds team policy thresholds.
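The following is an added worked example, not part of the AgentSkillsCN page or of the skill itself, showing how the workflow's drill checkpoint (step 4), the quality gates, and the two failure-handling rules can be made machine-checkable. It models one incident with evidence items that carry SHA-256 digests and a chain-of-custody log, scores the time-to-contain checkpoint against a drill target, and refuses to proceed when a containment or communication owner is missing or accepted risk exceeds a policy threshold. The dataclass names, the four-hour target, the 0-10 risk scale with its threshold of 7, and the sample incident data are all assumptions made for this example.

```python
"""Added example (not the skill's own code): a minimal incident record with
evidence chain of custody, drill scorecard, and failure-handling gates.
All thresholds, names and sample data are assumptions for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple
import hashlib

DRILL_TIME_TO_CONTAIN = timedelta(hours=4)   # assumed drill target
RISK_ESCALATION_THRESHOLD = 7                # assumed team policy, 0-10 scale


@dataclass
class Evidence:
    """One collected artifact; the digest is fixed at collection time so any
    later modification of the bytes is detectable with verify()."""
    label: str
    content: bytes
    collected_by: str
    collected_at: datetime
    sha256: str = field(init=False)
    custody: List[Tuple[datetime, str, str]] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.sha256 = hashlib.sha256(self.content).hexdigest()
        self.custody.append((self.collected_at, self.collected_by, "collected"))

    def transfer(self, to_person: str, at: datetime) -> None:
        """Append a custody hand-off; the log is append-only by convention."""
        self.custody.append((at, to_person, "received"))

    def verify(self, content: bytes) -> bool:
        """True if a fresh copy of the artifact still matches the recorded digest."""
        return hashlib.sha256(content).hexdigest() == self.sha256


@dataclass
class Incident:
    name: str
    detected_at: datetime
    contained_at: Optional[datetime] = None
    containment_owner: Optional[str] = None
    comms_owner: Optional[str] = None
    accepted_risk: int = 0                    # residual risk, assumed 0-10 scale
    evidence: List[Evidence] = field(default_factory=list)
    decision_log: List[Tuple[datetime, str, str]] = field(default_factory=list)


def readiness_check(inc: Incident) -> List[str]:
    """Failure-handling gates: an empty list means the response may proceed."""
    issues = []
    if not inc.containment_owner:
        issues.append("STOP: containment owner undefined")
    if not inc.comms_owner:
        issues.append("STOP: communication owner undefined")
    if inc.accepted_risk > RISK_ESCALATION_THRESHOLD:
        issues.append("ESCALATE: accepted risk exceeds policy threshold")
    return issues


def drill_scorecard(inc: Incident) -> dict:
    """Pass/fail criterion for the timeline checkpoint of a response drill."""
    if inc.contained_at is None:
        return {"time_to_contain": None, "pass": False}
    ttc = inc.contained_at - inc.detected_at
    return {"time_to_contain": ttc, "pass": ttc <= DRILL_TIME_TO_CONTAIN}


def evidence_integrity(inc: Incident, fresh_copies: dict) -> bool:
    """Re-verify every evidence item against a freshly read copy (label -> bytes)."""
    return all(e.verify(fresh_copies.get(e.label, b"")) for e in inc.evidence)


def build_sample_incident() -> Incident:
    """Constructed sample data; nothing here comes from a real incident."""
    t0 = datetime(2024, 1, 1, 9, 0)
    inc = Incident("constructed-incident-001", detected_at=t0,
                   containment_owner="on-call SRE", comms_owner="IR lead",
                   accepted_risk=3)
    log_excerpt = b"2024-01-01T08:58:10Z sshd: Failed password for root (constructed)"
    ev = Evidence("auth-log-excerpt", log_excerpt, "analyst-a", t0 + timedelta(minutes=5))
    ev.transfer("analyst-b", t0 + timedelta(minutes=40))
    inc.evidence.append(ev)
    inc.decision_log.append((t0 + timedelta(minutes=30),
                             "isolate affected host from the network", "containment"))
    inc.contained_at = t0 + timedelta(hours=2, minutes=15)
    return inc


if __name__ == "__main__":
    inc = build_sample_incident()
    print("gates:", readiness_check(inc) or "clear")
    print("drill:", drill_scorecard(inc))
    print("evidence intact:",
          evidence_integrity(inc, {"auth-log-excerpt": inc.evidence[0].content}))
```

The decision log and custody list are plain append-only records so that the published decision rationale and residual-risk owners required by the quality gates can be reviewed after the fact; a real playbook would persist them outside the affected systems.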