ワンクリックで
security-toolkit
Repository security best-practice reviews, threat modeling, and security ownership analysis.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Repository security best-practice reviews, threat modeling, and security ownership analysis.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Deterministic SARIF reporting and partitioning. Use when inspecting .sarif or .sarif.json static-analysis output, summarizing findings without loading full JSON into chat, or splitting results by rule, path, severity, or balanced chunks.
Nix operational playbooks for package diffs, build debugging, closure analysis, dependency forensics, flake maintenance, and evaluation performance tuning. Use when comparing Nix build outputs, diagnosing derivation failures, finding unexpected runtime/build dependencies, inspecting closure size, maintaining flakes, or profiling slow NixOS/Home Manager/Nixvim evaluation.
GitHub issue discovery, targeted triage, issue creation, pull-request creation, review authoring, review-feedback handling, and CI check-fix workflows using gh CLI. Use for read or write work against GitHub issues, pull requests, reviews, or checks.
Git commit planning, fixup/autosquash, branch cleanup, conflict resolution, regression bisect, and multi-commit change-stack workflows. Use for safe local history operations or deciding how changes should be split, repaired, or validated.
Progressive context-architecture expert for repository instructions, AI prompts, rules, agents, commands, and skills. Use when initializing, designing, refactoring, or auditing AI configuration for clear boundaries and token-efficient disclosure.
Use for working with Jujutsu (jj) history workflows, including hunk-level split/squash/diffedit/restore via `jj-hunk-tool`.
| name | security-toolkit |
| description | Repository security best-practice reviews, threat modeling, and security ownership analysis. |
Use only when the user explicitly asks for security analysis:
Pick one mode; load only its reference. If intent is unclear, ask first.
references/prompt-template.md as the output contract.