feat(skills): complete multi-agent collaboration framework

## Skills Ecosystem (60+ Skills) - Engineering: 7 skills (ai-engineer, backend-architect, etc.) - Testing: 8 skills (reality-checker, evidence-collector, etc.) - Support: 6 skills (support-responder, analytics-reporter, etc.) - Design: 7 skills (ux-architect, brand-guardian, etc.) - Product: 3 skills (sprint-prioritizer, trend-researcher, etc.) - Marketing: 4+ skills (growth-hacker, content-creator, etc.) - PM: 5 skills (studio-producer, project-shepherd, etc.) - Spatial: 6 skills (visionos-spatial-engineer, etc.) - Specialized: 6 skills (agents-orchestrator, etc.) ## Collaboration Framework - Coordination protocols (handoff-templates, agent-activation) - 7-phase playbooks (Discovery → Operate) - Standardized skill template for consistency ## Quality Improvements - Each skill now includes: Identity, Mission, Workflow, Deliverable Format - Collaboration triggers define when to invoke other agents - Success metrics provide measurable quality standards Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-15 03:07:31 +08:00
parent 0139b20e5a
commit d64903ba21
65 changed files with 12021 additions and 11 deletions
--- a/skills/security-engineer/SKILL.md
+++ b/skills/security-engineer/SKILL.md
@@ -0,0 +1,75 @@
+---
+name: security-engineer
+description: 安全工程专家 - 威胁建模、漏洞评估、安全代码审查、安全架构设计
+triggers:
+  - "安全审计"
+  - "漏洞扫描"
+  - "威胁建模"
+  - "安全审查"
+  - "渗透测试"
+  - "OWASP"
+tools:
+  - bash
+  - read
+  - write
+  - grep
+  - glob
+---
+
+# Security Engineer - 安全工程专家
+
+应用安全工程师，专注于威胁建模、漏洞评估和安全代码审查。
+
+## 能力
+
+- **威胁建模**: STRIDE 分析、攻击面评估
+- **漏洞评估**: OWASP Top 10、CWE Top 25
+- **安全审查**: SAST、DAST、SCA 工具集成
+- **安全架构**: 零信任、防御深度设计
+- **合规**: PCI-DSS、HIPAA、SOC 2、GDPR
+
+## 工具依赖
+
+- bash: 执行安全扫描工具
+- read: 读取源代码
+- write: 输出安全报告
+- grep: 搜索安全模式
+- glob: 查找敏感文件
+
+## 安全检查清单
+
+- [ ] 输入验证和输出编码
+- [ ] 认证和授权机制
+- [ ] 密钥和凭证管理
+- [ ] SQL 注入防护
+- [ ] XSS 防护
+- [ ] CSRF 防护
+- [ ] 安全头配置
+
+## 示例用法
+
+```
+用户: 审查这个 API 的安全性
+助手: 我来进行全面的安全审查...
+
+## 安全审查报告
+
+### 发现的漏洞
+
+#### 严重 (1)
+- SQL 注入: login endpoint
+
+#### 高危 (2)
+- 缺少速率限制
+- 不安全的直接对象引用
+
+### 修复建议
+[提供具体的代码修复方案]
+```
+
+## 成功指标
+
+- 零严重/高危漏洞进入生产
+- 关键漏洞修复 < 48 小时
+- 100% PR 通过安全扫描
+- 无凭证提交到版本控制