AnnualReports
Customization
Before executing, check for user customizations at:
~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/AnnualReports/
If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.
🚨 MANDATORY: Voice Notification (REQUIRED BEFORE ANY ACTION)
You MUST send this notification BEFORE doing anything else when this skill is invoked.
-
Send voice notification:
curl -s -X POST http://localhost:8888/notify \ -H "Content-Type: application/json" \ -d '{"message": "Running the WORKFLOWNAME workflow in the AnnualReports skill to ACTION"}' \ > /dev/null 2>&1 & -
Output text notification:
Running the **WorkflowName** workflow in the **AnnualReports** skill to ACTION...
This is not optional. Execute this curl command immediately upon skill invocation.
AnnualReports - Security Report Aggregation
Aggregates and analyzes annual security reports from 570+ sources across the cybersecurity industry.
Source: awesome-annual-security-reports
Workflow Routing
- UPDATE - Fetch latest report sources from GitHub (use
Tools/UpdateSources.ts) - ANALYZE - Analyze reports for trends and insights (use
Tools/ListSources.ts+ content analysis) - FETCH - Download specific reports (use
Tools/FetchReport.ts)
Quick Reference
# Update sources from GitHub
bun run ~/.claude/skills/Security/AnnualReports/Tools/UpdateSources.ts
# List all sources
bun run ~/.claude/skills/Security/AnnualReports/Tools/ListSources.ts [category]
# Fetch a specific report
bun run ~/.claude/skills/Security/AnnualReports/Tools/FetchReport.ts <vendor> <report-name>
Categories
Analysis Reports
- Global Threat Intelligence (56 reports) - CrowdStrike, Microsoft, IBM, Mandiant, etc.
- Regional Assessments (11 reports) - FBI, CISA, Europol, NCSC, etc.
- Sector Specific Intelligence (13 reports) - Healthcare, Finance, Energy, Transport
- Application Security (21 reports) - OWASP, Veracode, Snyk, GitGuardian
- Cloud Security (11 reports) - Google Cloud, AWS, Wiz, Datadog
- Vulnerabilities (14 reports) - Rapid7, VulnCheck, Edgescan
- Ransomware (9 reports) - Veeam, Zscaler, Palo Alto
- Data Breaches (6 reports) - Verizon DBIR, IBM Cost of Breach
- Physical Security (6 reports) - Dragos, Nozomi, Waterfall
- AI and Emerging Technologies (11 reports) - Anthropic, Google, Zimperium
Survey Reports
- Industry Trends (68 reports) - WEF, ISACA, Splunk, Gartner
- Executive Perspectives (7 reports) - CISO reports, Deloitte, Proofpoint
- Workforce and Culture (5 reports) - ISC2, KnowBe4, CompTIA
- Market and Investment Research (5 reports) - IT Harvest, Recorded Future
- Application Security (9 reports) - Checkmarx, Snyk, Traceable
- Cloud Security (7 reports) - Palo Alto, ISC2, Fortinet
- Identity Security (19 reports) - CyberArk, Okta, SailPoint
- Penetration Testing (5 reports) - HackerOne, Cobalt, Bugcrowd
- Privacy and Data Protection (8 reports) - Cisco, Proofpoint, Drata
- Ransomware (6 reports) - Sophos, Delinea, Semperis
- AI and Emerging Technologies (12 reports) - Darktrace, Wiz, HiddenLayer
Data Files
Data/sources.json- All report sources with metadataReports/- Downloaded report files (PDFs, markdown)
Examples
Example 1: Update sources from upstream
User: "Update the annual reports"
→ Invokes UPDATE workflow
→ Fetches latest README from GitHub
→ Parses and updates sources.json
→ Reports new/changed entries
Example 2: Find threat intelligence reports
User: "What threat reports are available?"
→ Lists Global Threat Intelligence category
→ Shows 56 reports from major vendors
→ Provides direct URLs
Example 3: Analyze ransomware trends
User: "Analyze ransomware reports"
→ Invokes ANALYZE workflow
→ Fetches relevant reports
→ Synthesizes findings across vendors
→ Produces trend analysis
More from danielmiessler/personal_ai_infrastructure
osint
Structured OSINT investigations — people lookup, company intel, investment due diligence, entity/threat intel, domain recon, organization research using public sources with ethical authorization framework. USE WHEN OSINT, due diligence, background check, research person, company intel, investigate, company lookup, domain lookup, entity lookup, organization lookup, threat intel, discover OSINT sources.
260firstprinciples
Physics-based reasoning framework (Musk/Elon methodology) that deconstructs problems to irreducible fundamental truths rather than reasoning by analogy. Three-step structure: DECONSTRUCT (break to constituent parts and actual values), CHALLENGE (classify every element as hard constraint / soft constraint / unvalidated assumption — only physics is truly immutable), RECONSTRUCT (build optimal solution from fundamentals alone, ignoring inherited form). Outputs: constituent-parts breakdown, constraint classification table, and reconstructed solution with key insight. Three workflows: Deconstruct.md, Challenge.md, Reconstruct.md. Integrates with RedTeam (attack assumptions before deploying adversarial agents), Security (decompose threat model), Architecture (challenge design constraints), and Pentesters (decompose assumed security boundaries). Other skills invoke via: Challenge on all stated constraints → classify as hard/soft/assumption. Cross-domain synthesis: solutions from unrelated fields often apply once the fundamental truths are exposed. NOT FOR incident investigation and causal chains (use RootCauseAnalysis). NOT FOR structural feedback loops (use SystemsThinking). USE WHEN first principles, fundamental truths, challenge assumptions, is this a real constraint, rebuild from scratch, what are we actually paying for, what is this really made of, start over, physics first, question everything, reasoning by analogy, is this really necessary.
161documents
Read, write, convert, and analyze documents — routes to PDF, DOCX, XLSX, PPTX sub-skills for creation, editing, extraction, and format conversion. USE WHEN document, process file, create document, convert format, extract text, PDF, DOCX, XLSX, PPTX, Word, Excel, spreadsheet, PowerPoint, presentation, slides, consulting report, large PDF, merge PDF, fill form, tracked changes, redlining.
116redteam
Military-grade adversarial analysis that deploys 32 parallel expert agents (engineers, architects, pentesters, interns) to stress-test ideas, strategies, and plans — not systems or infrastructure. Two workflows: ParallelAnalysis (5-phase: decompose into 24 atomic claims → 32-agent parallel attack → synthesis → steelman → counter-argument, each 8 points) and AdversarialValidation (competing proposals synthesized into best solution). Context files: Philosophy.md (core principles, success criteria, agent types), Integration.md (how to combine with FirstPrinciples, Council, and other skills; output format). Targets arguments, not network vulnerabilities. Findings ranked by severity; goal is to strengthen, not destroy — weaknesses delivered with remediation paths. Collaborates with FirstPrinciples (decompose assumptions before attacking) and Council (Council debates to find paths; RedTeam attacks whatever survives). Also invoked internally by Ideate (TEST phase) and WorldThreatModel (horizon stress-testing). NOT FOR AI instruction set auditing (use BitterPillEngineering). NOT FOR network/system vulnerability testing (use a security assessment skill). USE WHEN red team, attack idea, counterarguments, critique, stress test, devil's advocate, find weaknesses, break this, poke holes, what could go wrong, strongest objection, adversarial validation, battle of bots.
115privateinvestigator
Ethical people-finding using 15 parallel research agents (45 search threads) across public records, social media, reverse lookups. Public data only, no pretexting. USE WHEN find person, locate, reconnect, people search, skip trace, reverse lookup, social media search, public records search, verify identity.
114council
Multi-agent collaborative debate that produces visible round-by-round transcripts with genuine intellectual friction. All council members are custom-composed via ComposeAgent (Agents skill) with domain expertise, unique voice, and personality tailored to the specific topic — never built-in generic types. ComposeAgent invoked as: bun run ~/.claude/skills/Agents/Tools/ComposeAgent.ts. Two workflows: DEBATE (3 rounds, full transcript + synthesis, parallel execution within rounds, 40-90 seconds total) and QUICK (1 round, fast perspective check). Context files: CouncilMembers.md (agent composition instructions), RoundStructure.md (three-round structure and timing), OutputFormat.md (transcript format templates). Agents are designed per debate topic to create real disagreement; 4-6 well-composed agents outperform 12 generic ones. Council is collaborative-adversarial (debate to find best path); for pure adversarial attack on an idea, use RedTeam instead. NOT FOR parallel task execution across agents (use Delegation skill). USE WHEN council, debate, multiple perspectives, weigh options, deliberate, get different views, multi-agent discussion, what would experts say, is there consensus, pros and cons from multiple angles.
113