์Šคํ‚ฌ incident-response-incident-response
๐Ÿšจ

incident-response-incident-response

์•ˆ์ „

Orchestrate Incident Response Workflows

This skill provides a structured multi-phase incident response workflow for AI agents, enabling rapid detection, investigation, resolution, and postmortem documentation following modern SRE principles.

์ง€์›: Claude Codex Code(CC)
๐Ÿ“Š 69 ์ ์ ˆํ•จ
1

์Šคํ‚ฌ ZIP ๋‹ค์šด๋กœ๋“œ

2

Claude์—์„œ ์—…๋กœ๋“œ

์„ค์ • โ†’ ๊ธฐ๋Šฅ โ†’ ์Šคํ‚ฌ โ†’ ์Šคํ‚ฌ ์—…๋กœ๋“œ๋กœ ์ด๋™

3

ํ† ๊ธ€์„ ์ผœ๊ณ  ์‚ฌ์šฉ ์‹œ์ž‘

ํ…Œ์ŠคํŠธํ•ด ๋ณด๊ธฐ

"incident-response-incident-response" ์‚ฌ์šฉ ์ค‘์ž…๋‹ˆ๋‹ค. Use incident-response skill to triage: API service returning 500 errors for 30% of requests

์˜ˆ์ƒ ๊ฒฐ๊ณผ:

Severity: P1/SEV-2 (Major degradation)

Affected Services: API Gateway, User Service
User Impact: 30% failed requests, primarily authenticated users

Initial Mitigation:
1. Enable circuit breaker for User Service
2. Check for recent deployments to roll back
3. Scale up API Gateway capacity

Incident Commander: [Assign]
Technical Lead: [Assign]
Communications Lead: [Assign]

"incident-response-incident-response" ์‚ฌ์šฉ ์ค‘์ž…๋‹ˆ๋‹ค. Use incident-response skill to create postmortem for yesterday's database outage

์˜ˆ์ƒ ๊ฒฐ๊ณผ:

## Blameless Postmortem - Database Outage

### Timeline
- 14:00 - Alert fired: Database CPU at 99%
- 14:05 - Incident declared P1
- 14:15 - Rollback attempted
- 14:30 - Root cause: Connection pool exhaustion
- 14:45 - Fix deployed
- 15:00 - Incident resolved

### Root Cause
Migration script created 10x normal connections

### What Went Well
- Fast detection (2 min)
- Clear communication

### Action Items
1. Add connection pool monitoring - Owner: Jane - Due: Feb 28
2. Update runbook for migrations - Owner: Bob - Due: Mar 1

๋ณด์•ˆ ๊ฐ์‚ฌ

์•ˆ์ „
v1 โ€ข 2/25/2026

All 11 static findings are false positives. The skill is a legitimate incident response workflow guide (markdown documentation). The 'external_commands' detection refers to markdown backticks for file paths, not shell execution. The 'weak cryptographic algorithm' and 'system/network reconnaissance' detections are scanner misinterpretations of incident response terminology (severity levels, observability analysis, root cause analysis). No actual security risks present.

1
์Šค์บ”๋œ ํŒŒ์ผ
171
๋ถ„์„๋œ ์ค„ ์ˆ˜
3
๋ฐœ๊ฒฌ ์‚ฌํ•ญ
1
์ด ๊ฐ์‚ฌ ์ˆ˜

๋†’์€ ์œ„ํ—˜ ๋ฌธ์ œ (3)

SKILL.md:23
External Commands Detection (False Positive)
Scanner detected 'Ruby/shell backtick execution' at SKILL.md:23 - this is markdown formatting (backticks around file path 'resources/implementation-playbook.md'), not shell execution.
SKILL.md:3SKILL.md:89SKILL.md:129SKILL.md:165
Weak Cryptographic Algorithm Detection (False Positive)
Scanner detected 'weak cryptographic algorithm' at multiple lines - these are false positives. The skill contains no cryptographic code.
SKILL.md:25SKILL.md:32SKILL.md:33SKILL.md:55SKILL.md:89SKILL.md:96
System/Network Reconnaissance Detection (False Positive)
Scanner detected 'system/network reconnaissance' at multiple lines - these are false positives. The terms refer to legitimate incident response activities (severity classification, observability analysis, root cause analysis).
๊ฐ์‚ฌ์ž: claude

ํ’ˆ์งˆ ์ ์ˆ˜

38
์•„ํ‚คํ…์ฒ˜
100
์œ ์ง€๋ณด์ˆ˜์„ฑ
87
์ฝ˜ํ…์ธ 
50
์ปค๋ฎค๋‹ˆํ‹ฐ
75
๋ณด์•ˆ
91
์‚ฌ์–‘ ์ค€์ˆ˜

๋งŒ๋“ค ์ˆ˜ ์žˆ๋Š” ๊ฒƒ

SRE Team Lead managing production outage

Use the full workflow to coordinate team response, maintain incident command structure, and ensure proper communication during a sev-1 incident.

DevOps Engineer conducting post-incident review

Use Phase 5 (Postmortem & Prevention) to document incident timeline, identify root causes, and create action items for monitoring improvements.

On-call engineer performing initial triage

Use Phase 1 (Detection & Triage) to quickly classify incident severity, assess impact, and determine initial mitigation steps.

์ด ํ”„๋กฌํ”„ํŠธ๋ฅผ ์‚ฌ์šฉํ•ด ๋ณด์„ธ์š”

Initial Incident Triage 
Use the incident-response skill to triage this alert: [DESCRIBE ALERT]. Determine severity level (P0-P3), identify affected services, assess user impact, and recommend initial mitigation actions.
Deep Investigation Request 
Use the incident-response skill to investigate this incident: [INCIDENT DESCRIPTION]. Conduct deep debugging, security assessment, and performance analysis to identify root cause.
Emergency Deployment Coordination 
Use the incident-response skill to coordinate this emergency fix: [INCIDENT AND FIX DESCRIPTION]. Execute deployment with validation, monitoring, and rollback readiness.
Postmortem Generation 
Use the incident-response skill to conduct a blameless postmortem for: [INCIDENT SUMMARY]. Document timeline, root cause, what went well, what could improve, and create action items.

๋ชจ๋ฒ” ์‚ฌ๋ก€

  • Assign clear incident commander and roles within the first 5 minutes of any P0/P1 incident
  • Update stakeholder communication every 15-30 minutes during active incidents
  • Complete blameless postmortem within 48 hours with specific, assignable action items

ํ”ผํ•˜๊ธฐ

  • Skipping severity classification and jumping straight to debugging without understanding impact
  • Blaming individuals in postmortems rather than focusing on system improvements
  • Delaying communication to stakeholders until full resolution is achieved

์ž์ฃผ ๋ฌป๋Š” ์งˆ๋ฌธ

Does this skill execute actual incident response actions?
No. This skill provides workflow guidance and orchestrates other specialized skills. It does not directly access monitoring systems, execute deployments, or modify infrastructure.
Can this skill replace my incident management platform?
No. This skill is designed to work with existing tools like PagerDuty, Opsgenie, and status pages. It provides the workflow logic but relies on external systems for alerting and communication.
What severity levels does this skill support?
The skill supports P0 (SEV-1) through P3 (SEV-4) severity levels. P0/P1 require immediate all-hands response, while P2/P3 follow standard response procedures.
How does this skill handle security incidents?
Phase 2 includes a Security Assessment step that checks for DDoS indicators, authentication failures, data exposure risks, and suspicious access patterns.
Can junior engineers use this skill effectively?
Yes. The structured workflow guides less experienced team members through incident response phases with clear prompts and expected outputs for each step.
What makes this skill different from general debugging guides?
This skill provides a comprehensive incident command system (ICS) with multi-agent orchestration, focusing on coordination, communication, and prevention rather than just technical troubleshooting.

๊ฐœ๋ฐœ์ž ์„ธ๋ถ€ ์ •๋ณด

์ž‘์„ฑ์ž

sickn33

๋ผ์ด์„ ์Šค

MIT

๋ฆฌํฌ์ง€ํ† ๋ฆฌ

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/incident-response-incident-response

์ฐธ์กฐ

main

ํŒŒ์ผ ๊ตฌ์กฐ

๐Ÿ“„ SKILL.md