../../../marketing-skill/social-media-analyzer/SKILL.md

../../../marketing-skill/social-media-manager/SKILL.md

../../../agents/finance/cs-financial-analyst.md

../../../finance/financial-analyst/SKILL.md

../../../engineering-team/senior-data-scientist/SKILL.md

Use when assessing cloud infrastructure for security misconfigurations, IAM privilege escalation paths, S3 public exposure, open security group rules, or IaC security gaps. Covers AWS, Azure, and GCP posture assessment with MITRE ATT&CK mapping.

Use when a security incident has been detected or declared and needs classification, triage, escalation path determination, and forensic evidence collection. Covers SEV1-SEV4 classification, false positive filtering, incident taxonomy, and NIST SP 800-61 lifecycle.

Use when hunting for threats in an environment, analyzing IOCs, or detecting behavioral anomalies in telemetry. Covers hypothesis-driven threat hunting, IOC sweep generation, z-score anomaly detection, and MITRE ATT&CK-mapped signal prioritization.

Agent Workflow Designer

Env & Secrets Manager

Agile product ownership for backlog management and sprint execution. Covers user story writing, acceptance criteria, sprint planning, and velocity tracking. Use for writing user stories, creating acceptance criteria, planning sprints, estimating story points, breaking down epics, or prioritizing backlog.

Help plan organizational structure, headcount, and team design.

Draft a professional customer-facing response tailored to the situation and relationship. Use when answering a product question, responding to an escalation or outage, delivering bad news like a delay or won't-fix, declining a feature request, or replying to a billing issue.

zoom-meeting-sdk-unreal

Plan a sprint — scope work, estimate capacity, set goals, and draft a sprint plan. Use when kicking off a new sprint, sizing a backlog against team availability (accounting for PTO and meetings), deciding what's P0 vs. stretch, or handling carryover from the last sprint.

A conversational framework for systematic scientific problem selection based on Fischbach & Walsh's "Problem choice and decision trees in science and engineering" (Cell, 2024).

> If you see unfamiliar placeholders or need to check which tools are connected, see [CONNECTORS.md](../../CONNECTORS.md).

> If you see unfamiliar placeholders or need to check which tools are connected, see [CONNECTORS.md](../../CONNECTORS.md).

Triage and prioritize a support ticket or customer issue. Use when a new ticket comes in and needs categorization, assigning P1-P4 priority, deciding which team should handle it, or checking whether it's a duplicate or known issue before routing.

Prioritize a backlog of feature ideas based on impact, effort, risk, and strategic alignment with top 5 recommendations. Use when prioritizing a feature backlog, making scope decisions, or ranking product ideas.

Analyze and design pricing strategies including pricing models, competitive pricing analysis, willingness-to-pay estimation, and price elasticity. Use when setting prices, evaluating pricing models, preparing for a pricing change, or comparing freemium vs paid approaches.

Analyze a GitHub issue, verify claims against the codebase, and close invalid issues with a technical response.

Analyze the bond futures basis by pricing futures, identifying the cheapest-to-deliver, and comparing with yield curves to assess delivery option value and basis trading opportunities. Use when analyzing bond futures, computing the basis, identifying CTD bonds, calculating implied repo rates, or evaluating basis trades.

description: Systematic stock screening and investment idea sourcing. Combines quantitative screens, thematic research, and pattern recognition to surface new long and short ideas. Use when looking fo

Use when experiments complete to judge what claims the results support, what they don't, and what evidence is still missing. Codex MCP evaluates results against intended claims and routes to next action (pivot, supplement, or confirm). Use after experiments finish — before writing the paper or running ablations.

Turn a refined research proposal or method idea into a detailed, claim-driven experiment roadmap. Use after `research-refine`, or when the user asks for a detailed experiment plan, ablation matrix, evaluation protocol, run order, compute budget, or paper-ready validation that supports the core problem, novelty, simplicity, and any LLM / VLM / Diffusion / RL-based contribution.

UX design methodology and external consultation. Use when creating user flows, wireframes, interaction patterns, or getting UX feedback. Provides structured frameworks for user-centered design.

DeepChat app settings modification (DeepChat 设置/偏好) skill. Activate ONLY when the user explicitly asks to change DeepChat's own settings/preferences (e.g., theme, language, font size...). Do NOT activate for OS/system settings, editor settings, or other apps.

'Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases

Investigate compromised Docker containers by analyzing images, layers, volumes, logs, and runtime artifacts to

URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content,

'Analyzes malicious PDF files using PDFiD, pdf-parser, and peepdf to identify embedded JavaScript, shellcode,

Parse Windows Prefetch files to determine program execution history including run counts, timestamps, and referenced

'Systematically collects, categorizes, and distributes indicators of compromise (IOCs) during and after security

Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity

Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points.

'Configuring Zscaler Private Access (ZPA) to replace traditional VPN with zero trust network access by deploying

'Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust access to self-hosted and private applications,

'Deploying Palo Alto Networks Prisma Access for SASE-based zero trust network access using GlobalProtect agents,

Automate AWS GuardDuty threat detection findings processing using EventBridge and Lambda to enable real-time

Detect and investigate Azure service principal abuse including privilege escalation, credential compromise, admin

Deploy AI and NLP-powered detection systems to identify business email compromise attacks by analyzing writing

Detect compromised O365 and Google Workspace email accounts by analyzing inbox rule creation, suspicious sign-in

Detect malicious email forwarding rules created by adversaries to maintain persistent access to email communications

Detect Kerberoasting attacks by monitoring for anomalous Kerberos TGS requests targeting service accounts with

Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs,

Detect Living Off the Land Binaries (LOLBins/LOLBAS) abuse including certutil, regsvr32, mshta, and rundll32

'Detect malicious scheduled task creation and modification using Sysmon Event IDs 1 (Process Create for schtasks.exe),

Detect Pass-the-Hash attacks by analyzing NTLM authentication patterns, identifying Type 3 logons with NTLM where

Detect privilege escalation attempts including token manipulation, UAC bypass, unquoted service paths, kernel