Answer questions about the Zscaler portfolio — full operational depth (T1, with SDK / TF / OneAPI exposure) on ZIA, ZPA (including AppProtection inline WAF/IPS sub-component and Browser Access), ZCC (Client Connector), ZDX (Digital Experience — T1 borderline, observability layer per 2026-05-04 verification gate), ZIdentity (unified identity + OneAPI authentication + step-up auth), and Cloud & Branch Connector (ZTW/ZTC — VM-based traffic forwarding for cloud workloads and branch offices); programmable-but-shallow (T2) on ZBI (Zero Trust Browser / Cloud Browser Isolation) and ZWA (Workflow Automation — DLP incident lifecycle); plus extended awareness with reasoning docs (T3, portal-only / no SDK) on Deception (decoys/honeypots for post-perimeter detection), Risk360 (cyber risk quantification / Monte Carlo / CISO board reporting), the AI Security family (AI Guard runtime guardrails for LLM prompt-injection / jailbreak / sensitive-data / toxicity / refusal detection plus AI Red Teaming / AI Guardrails / four-pill
Use when setting up or repairing this repo's runtime-data mount (default _data, configurable via the root or a downstream-selected runtime config), including mounting a user-supplied data repository or local directory with local setup config, choosing setup-data-mount mode, verifying the public data contract, or configuring a private work mirror that intentionally tracks runtime data.
Use for read-only editorial, structural, hygiene, drift, reference-quality, diff, and release-readiness audits of this Zscaler skill, its reference corpus, code changes, or supplied tenant configuration when an evidence-backed audit register is required.
Use for evidence-based Zscaler architecture reviews involving capacity, scaling, sizing, topology, growth forecasts, structural risk, resilience, single points of failure, or design recommendations.
Use when expanding or correcting Zscaler reference content from vendor sources, including citation-backed documentation, SDK or provider divergence analysis, source mining, reference drift, and verification passes.
Use for journal-first Zscaler incident retrospectives and postmortems when an existing investigation journal or case directory is available and the task needs a warning ledger, evidence map, lessons, or proceed/stop decision.
Use for grounded ad-hoc Zscaler questions about product behavior, policy evaluation, matching semantics, APIs, terminology, coverage boundaries, or tenant observations that do not require a procedural investigation or review.
Use for evidence-based Zscaler security posture reviews, including questions normally routed to /z-soc: defensibility of tenant configuration, RBAC access posture, telemetry coverage gaps, policy enforcement, config posture, and admin activity review. Covers ZIA, ZPA, ZIdentity, and cross-product posture with optional threat-model framing.