RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric cryptographic algorithm, used for digital

'This skill covers deploying HashiCorp Vault for centralized secrets management across cloud environments, including

Integrate gitleaks and trufflehog into CI/CD pipelines to detect leaked secrets before deployment

'Implements security monitoring using Datadog Cloud SIEM, Cloud Security Management (CSM), and Workload Protection

Write multi-event correlation rules that detect APT lateral movement by chaining Windows authentication events,

'Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics

'Implements Sigstore-based software signing and verification using Cosign keyless signing, Rekor transparency

Implement software supply chain integrity verification for container builds using the in-toto framework to create

Implement a structured threat intelligence lifecycle encompassing planning, collection, processing, analysis,

'Investigates insider threat indicators including data exfiltration attempts, unauthorized access patterns, policy

Use BloodHound and SharpHound to enumerate Active Directory relationships and identify attack paths from compromised

'Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify

Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction,

Perform comprehensive cloud asset inventory and relationship mapping using Cartography to build a Neo4j security

Hunt for threats in AWS environments using Detective behavior graphs, entity investigation timelines, GuardDuty

Extract stored credentials from compromised endpoints using the LaZagne post-exploitation tool to recover passwords

Perform systematic SIEM false positive reduction through rule tuning, threshold adjustment, correlation refinement,

'Performs firmware image extraction and analysis using binwalk to identify embedded filesystems, compressed archives,

Integrate Hardware Security Modules (HSMs) using PKCS#11 interface for cryptographic key management, signing

Assess the security posture of Kubernetes etcd clusters by evaluating encryption at rest, TLS configuration,

Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise

Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications,

Capture and analyze network traffic using Wireshark and tshark to reconstruct network events, extract artifacts,

Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection,

'Automates the Privacy Impact Assessment (PIA) workflow including data flow mapping, privacy risk scoring matrices,

Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases

'Performs User and Entity Behavior Analytics (UEBA) to detect anomalous user activities including impossible

'Reverse engineers iOS applications using Frida dynamic instrumentation to understand internal logic, extract

Reverse engineer ransomware encryption routines to identify cryptographic algorithms, key generation flaws, and

'This skill covers integrating Aqua Security''s Trivy scanner into CI/CD pipelines for comprehensive container

'This skill guides practitioners through hardening AWS Identity and Access Management configurations to enforce

'This skill instructs security practitioners on deploying Microsoft Defender for Cloud as a cloud-native application

'Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image

'This skill covers security hardening for serverless compute platforms including AWS Lambda, Azure Functions,

>

>

IMMEDIATELY USE THIS SKILL when creating or develop anything and before writing code or implementation plans - refines rough ideas into fully-formed designs through structured Socratic questioning, alternative exploration, and incremental validation

Searches and explores Burp Suite project files (.burp) from the command line. Use when searching response headers or bodies with regex patterns, extracting security audit findings, dumping proxy history or site map data, or analyzing HTTP traffic captured in a Burp project.

>

Runs a trailmark summary analysis on a codebase. Returns language detection, entry point count, and dependency graph shape. Use when vivisect or galvanize needs a quick structural overview. Triggers: trailmark summary, code summary, structural overview.

Builds and queries multi-language source code graphs for security analysis. Includes pre-analysis passes for blast radius, taint propagation, privilege boundaries, and entry point enumeration. Use when analyzing call paths, mapping attack surface, finding complexity hotspots, enumerating entry points, tracing taint propagation, measuring blast radius, or building a code graph for audit prioritization. Supports 16 languages including Solidity, Cairo, Circom, Rust, Go, Python, C/C++, TypeScript.

MUST be used for Vue.js tasks. Strongly recommends Composition API with `<script setup>` and TypeScript as the standard approach. Covers Vue 3, SSR, Volar, vue-tsc. Load for any Vue, .vue files, Vue Router, Pinia, or Vite with Vue work. ALWAYS use Composition API unless the project explicitly requires Options API.

Every agent action verified. Every decision recorded. Every record signed.

Chinese mutual fund intelligent advisor with real-time valuation, buy/sell suggestions, profit tracking, SIP planning, OCR recognition, and stock-fund linkage. Supports offline mode and multi-source caching.

Assist with physics from intuitive explanations to formal derivations at any level.

>

<!--

This exported skill uses `AGENTS.md` only as a local repo-root marker for bundled helper scripts.

This file documents how this AI Persona operates—the rules learned through practice, patterns that work, and lessons that became doctrine.

从PDF报价单中提取产品信息（型号、数量、价格、币种、图片）。当用户需要从PDF报价单或产品目录中提取结构化产品数据时使用，特别适用于电商产品列表或价格表。