{"skill":{"slug":"ai-company-ciso-2-0-0","displayName":"Ai Company Ciso 2.0.0","summary":"AI公司首席信息安全官（CISO）技能包。STRIDE威胁建模、渗透测试、事件响应、合规审计、AI网关、零信任架构、NHI管理、CEO-EXEC危机直通接口安全协议、ENGR L4双重审批签裁、Guardrail与AI网关分层定义、STRIDE统一主导权、MTTD追踪、NHI策略制定、安全缺陷统一跟踪、Licen...","tags":{"latest":"2.0.1"},"stats":{"comments":0,"downloads":89,"installsAllTime":1,"installsCurrent":0,"stars":0,"versions":2},"createdAt":1776343327554,"updatedAt":1776596511015},"latestVersion":{"version":"2.0.1","createdAt":1776596234500,"changelog":"**ai-company-ciso-2-0-1 Changelog**\n\n- Introduced detailed separation between AI Gateway (CISO scope) and Guardrail (CTO scope), clarifying access control vs. content security functions.\n- Established CISO as the sole authority for STRIDE threat modeling and approval, resolving potential overlaps with CTO activities.\n- Added CEO-EXEC crisis direct channel protocol with strict CISO approval, new operation restrictions, and enhanced audit measures.\n- Implemented CTO+CISO dual approval workflow for production/architecture changes, including clear parallel review logic and explicit override/timeout handling.\n- Updated documentation to reflect new modules, stricter stratification of responsibilities, and improved compliance and risk mitigation procedures.\n- Added references to signed STRIDE assessment documents and the dual-approval process workflow.","license":"MIT-0"},"metadata":{"os":["linux","darwin","win32"],"systems":null},"owner":{"handle":"johnsmithfan","userId":"s17ar8yxm9wh64zhr7mr0xemcn84gs16","displayName":"JohnSmithfan","image":"https://avatars.githubusercontent.com/u/147225147?v=4"},"moderation":{"isSuspicious":true,"isMalwareBlocked":false,"verdict":"suspicious","reasonCodes":["suspicious.llm_suspicious"],"summary":"Detected: suspicious.llm_suspicious","engineVersion":"v2.4.0","updatedAt":1776596511015}}