Initial skills documentation — 25 categories, all SKILL.md + references + scripts

This commit is contained in:
root
2026-07-15 17:42:20 -04:00
commit 1b4fcd4427
976 changed files with 188344 additions and 0 deletions
+27
View File
@@ -0,0 +1,27 @@
---
name: document-redaction
description: Workflows for safely redacting sensitive data (IPs, credentials, domains) from IT documents, logs, and plans.
---
# Document Redaction & Data Sanitization
## Trigger
When asked to make a document "public-safe", "redact", or "sanitize" logs, configs, or architectural plans.
## Workflow
1. **Analyze the Source:** Read the document to identify classes of sensitive information (Vendor names, server names, internal IPs, domains, names/emails, passwords/keys).
2. **Scripted Redaction (Python):** Write a Python script using the `re` module for robust multi-pass regex replacements. This is far less error-prone than chained `sed` commands for complex files.
3. **Target Categories:**
- **Entities/People:** Map explicit names (e.g., `John Doe` -> `[Lead Developer]`).
- **Vendors:** Map third parties (e.g., `AWS`, `Hetzner` -> `[CLOUD-PROVIDER]`).
- **Servers:** Map hostnames (e.g., `app1-bu` -> `[STANDBY-HOST]`).
- **Emails:** `re.sub(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,7}\b', '[EMAIL-REDACTED]', text)`
- **IPs:** `re.sub(r'\b(?:\d{1,3}\.){3}\d{1,3}\b', '[IP-REDACTED]', text)`
4. **Mandatory Verification:** You MUST run `grep -iE "original_term1|original_term2|ip_regex"` on the generated output file to guarantee zero leakage before delivering the final artifact. Repeat the script generation/running until the `grep` commands return zero hits.
## Pitfalls
- **Domain/Subdomain overlap:** Redacting `example.com` might miss or corrupt `sub.example.com`. Map full known URLs to generic placeholders (e.g., `[OPS-PORTAL-DOMAIN]`).
- **Blind spots:** Regex won't catch specific executive names or custom server hostnames. Explicitly map known internal names first.
- **Over-redaction:** Don't redact standard public URLs (like `get.docker.com` or `github.com`) that provide technical value and pose no security risk.
## Support Files
- `scripts/redact_template.py` - Starter script for Python-based document redaction.
@@ -0,0 +1,30 @@
import re
import sys
def redact_document(input_path, output_path):
with open(input_path, 'r') as f:
text = f.read()
# 1. Names and Entities
text = re.sub(r"SpecificName", "[ROLE/TITLE]", text)
# 2. Vendors and Infrastructure
text = re.sub(r"(?i)\bVendorName\b", "[VENDOR-TYPE]", text)
text = re.sub(r"\bserver-hostname\b", "[SERVER-ROLE]", text)
# 3. Domains and URLs
text = re.sub(r'\bapp\.example\.com\b', 'app.[DOMAIN-REDACTED]', text)
# 4. Standard Patterns (Emails, IPs)
text = re.sub(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,7}\b', '[EMAIL-REDACTED]', text)
text = re.sub(r'\b(?:\d{1,3}\.){3}\d{1,3}\b', '[IP-REDACTED]', text)
with open(output_path, 'w') as f:
f.write(text)
if __name__ == '__main__':
if len(sys.argv) != 3:
print("Usage: python redact_template.py <input> <output>")
sys.exit(1)
redact_document(sys.argv[1], sys.argv[2])
print(f"Redacted document saved to {sys.argv[2]}")