2025-11-29 17:51:02 +08:00

name: skill-name
description: [REQUIRED] Comprehensive description of what this skill does and when to use it. Include: (1) Primary functionality, (2) Specific use cases, (3) Security operations context. Must include specific "Use when:" clause for skill discovery. Example: "SAST vulnerability analysis and remediation guidance using Semgrep and industry security standards. Use when: (1) Analyzing static code for security vulnerabilities, (2) Prioritizing security findings by severity, (3) Providing secure coding remediation, (4) Integrating security checks into CI/CD pipelines." Maximum 1024 characters.
version: 0.1.0
maintainer: your-github-username
category: appsec|devsecops|secsdlc|threatmodel|compliance|incident-response
tags: relevant, security, tags
frameworks: OWASP|CWE|MITRE-ATT&CK|NIST|SOC2

Skill Name

Overview

Brief overview of what this skill provides and its security operations context.

Quick Start

Provide the minimal example to get started immediately:

# Example command or workflow
tool-name --option value

Core Workflow

Sequential Workflow

For straightforward step-by-step operations:

  1. First action with specific command or operation
  2. Second action with expected output or validation
  3. Third action with decision points if needed

Workflow Checklist (for complex operations)

For complex multi-step operations, use a checkable workflow:

Progress:
[ ] 1. Initial setup and configuration
[ ] 2. Run primary security scan or analysis
[ ] 3. Review findings and classify by severity
[ ] 4. Apply remediation patterns
[ ] 5. Validate fixes with re-scan
[ ] 6. Document findings and generate report

Work through each step systematically. Check off completed items.

For more workflow patterns, see references/WORKFLOW_CHECKLIST.md

Feedback Loop Pattern (for validation)

When validation and iteration are needed:

  1. Generate initial output (configuration, code, etc.)
  2. Run validation: ./scripts/validator_example.py output.yaml
  3. Review validation errors and warnings
  4. Fix identified issues
  5. Repeat steps 2-4 until validation passes
  6. Apply the validated output

Note: Move detailed validation criteria to references/ if complex.

Security Considerations

  • Sensitive Data Handling: Guidance on handling secrets, credentials, PII
  • Access Control: Required permissions and authorization contexts
  • Audit Logging: What should be logged for security auditing
  • Compliance: Relevant compliance requirements (SOC2, GDPR, etc.)

Bundled Resources

Scripts (scripts/)

Executable scripts for deterministic operations. Use scripts for low-freedom operations requiring consistency.

  • example_script.py - Python script template with argparse, error handling, and JSON output
  • example_script.sh - Bash script template with argument parsing and colored output
  • validator_example.py - Validation script demonstrating feedback loop pattern

When to use scripts:

  • Deterministic operations that must be consistent
  • Complex parsing or data transformation
  • Validation and quality checks

References (references/)

On-demand documentation loaded when needed. Keep SKILL.md concise by moving detailed content here.

  • EXAMPLE.md - Template for reference documentation with security standards sections
  • WORKFLOW_CHECKLIST.md - Multiple workflow pattern examples (sequential, conditional, iterative, feedback loop)

When to use references:

  • Detailed framework mappings (OWASP, CWE, MITRE ATT&CK)
  • Advanced configuration options
  • Language-specific patterns
  • Content exceeding 100 lines

Assets (assets/)

Templates and configuration files used in output (not loaded into context). These are referenced but not read until needed.

  • ci-config-template.yml - Security-enhanced CI/CD pipeline with SAST, dependency scanning, secrets detection
  • rule-template.yaml - Security rule template with OWASP/CWE mappings and remediation guidance

When to use assets:

  • Configuration templates
  • Policy templates
  • Boilerplate secure code
  • CI/CD pipeline examples

Common Patterns

Pattern 1: [Pattern Name]

Description and example of common usage pattern.

Pattern 2: [Pattern Name]

Additional patterns as needed.

Integration Points

  • CI/CD: How this integrates with build pipelines
  • Security Tools: Compatible security scanning/monitoring tools
  • SDLC: Where this fits in the secure development lifecycle

Troubleshooting

Issue: [Common Problem]

Solution: Steps to resolve.

References