一键导入
thrunt-forensics
Post-mortem investigation for failed THRUNT workflows — analyzes git history, artifacts, and state to diagnose what went wrong
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Post-mortem investigation for failed THRUNT workflows — analyzes git history, artifacts, and state to diagnose what went wrong
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Show available THRUNT threat hunting commands and artifact layout
Map available telemetry, query surfaces, tenants, retention windows, and investigation blind spots
Initialize a threat hunting case from a signal, detection, intel lead, or analyst suspicion
Initialize a threat hunting program with an environment map, tool inventory, huntmap, and empty execution directories
Create phase plans for a threat hunt with exact telemetry tasks, receipts, and query outputs
Publish a hunt as a case report, escalation, detection promotion, or leadership summary
| name | thrunt-forensics |
| description | Post-mortem investigation for failed THRUNT workflows — analyzes git history, artifacts, and state to diagnose what went wrong |
| argument-hint | [problem description] |
| allowed-tools | Read, Write, Bash, Grep, Glob |
Purpose: Diagnose failed or stuck workflows so the user can understand root cause and take corrective action.
Output: Forensic report saved to .planning/forensics/, presented inline, with optional issue creation.
<execution_context> @.github/thrunt-god/workflows/forensics.md </execution_context>
**Data sources:** - `git log` (recent commits, patterns, time gaps) - `git status` / `git diff` (uncommitted work, conflicts) - `.planning/STATE.md` (current position, session history) - `.planning/HUNTMAP.md` (phase scope and progress) - `.planning/phases/*/` (PLAN.md, SUMMARY.md, FINDINGS.md, CONTEXT.md) - `.planning/reports/SESSION_REPORT.md` (last session outcomes)User input:
<success_criteria>
.planning/forensics/report-{timestamp}.md<critical_rules>