Use when adding or modifying rules in default_rules.yaml, when benchmarking rule performance against test corpuses, or when validating regex anchors and keyword choices. Detection rule edit-bench-compare workflow.
user-invocable: true
Rule Optimization Workflow
Use after modifying rules in crates/scanner-engine/default_rules.yaml
(loaded by crates/scanner-engine/src/rules/).
Note: ../linux, ../gitleaks, ../tigerbeetle, ../trufflehog are
external test corpus directories. They are optional and must be cloned
separately if not already present.
Compare throughput/findings against baseline
Document anchor/keyword choice if non-obvious (add inline comment)
Pattern Guidelines
When adding or modifying rules:
Anchors
Prefer structured prefixes (sgp_, hvs., AKIA) over service name keywords
Avoid generic patterns like [a-fA-F0-9]{40} that match git SHAs
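
An added example (not part of the original skill or the project's rule set) comparing the anchoring choices above on constructed lines. The patterns, the scan/compare helpers and the substring keyword prefilter are assumptions made for illustration, not the format or behaviour of default_rules.yaml.

```python
import re

# Constructed sample lines (not real secrets, not taken from the test corpora).
SAMPLE_LINES = [
    "commit 3f2a9c1e5b7d4f60a1b2c3d4e5f60718293a4b5c",               # git SHA
    "Merge 9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2f1e0d into main",      # git SHA
    'checksum = "0123456789abcdef0123456789abcdef01234567"',         # lockfile hash
    "SRC_ACCESS_TOKEN=sgp_a1b2c3d4e5f60718293a4b5c6d7e8f9012345678",  # constructed token
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",                      # AWS docs example key
    "# see the sourcegraph docs for token setup",                    # service name, no secret
]

# Illustrative patterns, assumed for this example (not copied from default_rules.yaml).
GENERIC_HEX = re.compile(r"[a-fA-F0-9]{40}")
SGP_TOKEN = re.compile(r"\bsgp_[a-fA-F0-9]{40}\b")
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def scan(lines, pattern, keyword=None):
    """Return indexes of matching lines; a keyword, if given, gates the regex."""
    hits = []
    for index, line in enumerate(lines):
        if keyword is not None and keyword.lower() not in line.lower():
            continue  # cheap substring prefilter skips the regex entirely
        if pattern.search(line):
            hits.append(index)
    return hits


def compare(lines=SAMPLE_LINES):
    """Run each anchoring strategy over the same lines and collect the hits."""
    return {
        "generic_hex": scan(lines, GENERIC_HEX),
        "service_keyword": scan(lines, GENERIC_HEX, keyword="sourcegraph"),
        "sgp_prefix": scan(lines, SGP_TOKEN, keyword="sgp_"),
        "akia_prefix": scan(lines, AWS_KEY_ID, keyword="AKIA"),
    }


if __name__ == "__main__":
    for strategy, hits in compare().items():
        print(f"{strategy:16} -> lines {hits}")
```

The generic pattern flags both git SHAs and the lockfile checksum alongside the token, while the service-name keyword finds nothing because the line holding the token never names the service. Each prefix-anchored rule flags exactly its own line.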