Changelog
Initial release in the security skill pack.
How it works
1. What happened: Checks arguments or asks for the basics
2. Triage: Determines severity, timeline, affected services, and current status
3. Build report: Incident ID, summary, impact, full timeline, root cause, resolution
4. Action items: Prioritized fixes with owners and due dates
5. Save: Writes to engineering/security/incidents/INC-<date>-<slug>.md
Details
- Severity levels: Critical (breach/outage), High (partial), Medium (degraded), Low (minor)
- Includes communication log template for tracking who was notified
- Lessons learned section: what went well, what didn't, what to change
- Suggests updating brain files (engineering/CLAUDE.md, devops/) with lessons
- Creates incidents/ directory if needed