security-incident-response
Security Incident Response
Investigate the incident, determine exposure, and produce a practical response plan. Be careful, evidence-driven, and explicit about uncertainty.
This skill covers incidents such as CVEs, framework advisories, npm/PyPI/RubyGems supply-chain attacks, compromised GitHub Actions, cache poisoning, leaked tokens, malicious packages, and vulnerable dependency ranges.
Safety rules
- Do not execute untrusted project scripts, package lifecycle hooks, or downloaded PoCs.
- Prefer static inspection, lockfile parsing, and scanners that do not run project code.
- If installation is necessary, use safe modes such as npm ci --ignore-scripts, pnpm install --ignore-scripts, or equivalent.
- Do not publish exploitable details unnecessarily. Use private disclosure channels for third-party findings.
- Preserve evidence: URLs, advisory IDs, affected versions, command output, lockfile paths, and timestamps.
- Distinguish confirmed exposure from possible exposure and unknowns.
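One way to apply the static-inspection, evidence and confirmed-versus-unknown rules above is sketched below. It is an added example, not part of the original skill; the package name example-lib, the sample lockfile, the affected-version set and the status labels are all constructed for illustration. It reads an npm package-lock.json as data only, so no project code or lifecycle hook runs.

```python
import json
from datetime import datetime, timezone

# Constructed sample lockfile (npm lockfileVersion 3 layout); "example-lib" is a made-up name.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/example-lib": {"version": "1.2.3"},
        "node_modules/other": {"version": "4.0.0"},
        "node_modules/other/node_modules/example-lib": {"version": "1.1.0"},
    },
})

def installed_versions(lock_text, package):
    """Map lockfile key -> pinned version for every copy of `package`."""
    lock = json.loads(lock_text)  # JSONDecodeError is a ValueError
    if not isinstance(lock, dict) or not isinstance(lock.get("packages"), dict):
        raise ValueError("no 'packages' map (older or damaged lockfile)")
    found = {}
    for key, meta in lock["packages"].items():
        # Keys look like node_modules/a/node_modules/b; the text after the
        # last "node_modules/" is the package name (scoped names included).
        if key.rpartition("node_modules/")[2] == package:
            found[key] = meta.get("version") if isinstance(meta, dict) else None
    return found

def assess(lock_text, package, affected, lock_path="package-lock.json"):
    """Classify exposure from the lockfile alone and keep the evidence."""
    try:
        copies = installed_versions(lock_text, package)
    except ValueError as exc:
        copies, hits, status, note = {}, {}, "unknown", str(exc)
    else:
        hits = {k: v for k, v in copies.items() if v in affected}
        unpinned = [k for k, v in copies.items() if v is None]
        status = "confirmed" if hits else "unknown" if unpinned else "no-match"
        note = f"{len(copies)} installed copies inspected"
    return {"status": status, "package": package, "lockfile": lock_path,
            "affected_copies": hits, "note": note,
            "checked_at": datetime.now(timezone.utc).isoformat()}

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_LOCK, "example-lib", {"1.1.0"}), indent=2))
```

A "no-match" result only covers the one lockfile that was parsed; other lockfiles, caches and build images still need their own check.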
Workflow
1. Clarify scope without blocking