Security Incident Command
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only incident-command skill is internally consistent with its purpose and does not request extra credentials, installs, or system-level access beyond what a live incident management guide would reasonably need.
This skill is a written incident-command playbook and appears coherent and low-risk: it doesn't ask for credentials or install code. Before using it during a live incident, read the full SKILL.md from top to bottom to confirm there are no open-ended directives that would let the agent autonomously access production systems or secrets. Prefer human-in-the-loop operation for any destructive or high-impact steps (e.g., isolating systems, creating accounts, registering domains). If you plan to let the agent perform shell actions (Bash/Grep tools are listed as optional), restrict those to non-production copies or require explicit human approval per action. Finally, check the referenced dependency (incident-response-team-setup) so you understand any cross-skill expectations.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
No visible risk-analysis findings were reported for this release.
