一键导入
security-toolkit
Repository security best-practice reviews, threat modeling, and security ownership analysis.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Repository security best-practice reviews, threat modeling, and security ownership analysis.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Durable cross-provider user and project memory. Must use when asked to remember or persist something, when recording a preference or decision, or after substantial research produces a reusable fact, lesson, or recurring pitfall. Provider-native memory is not a substitute.
Deterministic SARIF reporting and partitioning. Use when inspecting .sarif or .sarif.json static-analysis output, summarizing findings without loading full JSON into chat, or splitting results by rule, path, severity, or balanced chunks.
Nix operational playbooks for package diffs, build debugging, closure analysis, dependency forensics, flake maintenance, and evaluation performance tuning. Use when comparing Nix build outputs, diagnosing derivation failures, finding unexpected runtime/build dependencies, inspecting closure size, maintaining flakes, or profiling slow NixOS/Home Manager/Nixvim evaluation.
GitHub issue discovery, targeted triage, issue creation, pull-request creation, review authoring, review-feedback handling, and CI check-fix workflows using gh CLI. Use for read or write work against GitHub issues, pull requests, reviews, or checks.
Git commit planning, fixup/autosquash, branch cleanup, conflict resolution, regression bisect, and multi-commit change-stack workflows. Use for safe local history operations or deciding how changes should be split, repaired, or validated.
Progressive context-architecture expert for repository instructions, AI prompts, rules, agents, commands, and skills. Use when initializing, designing, refactoring, or auditing AI configuration for clear boundaries and token-efficient disclosure.
| name | security-toolkit |
| description | Repository security best-practice reviews, threat modeling, and security ownership analysis. |
Use only when the user explicitly asks for security analysis:
Pick one mode; load only its reference. If intent is unclear, ask first.
references/prompt-template.md as the output contract.