Agent Skillszhaoxuya520/reverse-skill › docs-generator

docs-generator

GitHub

用于生成任务导向型技术文档及安全分析报告。支持README、API文档及逆向、渗透、CTF等安全任务的正式报告输出,遵循渐进式披露原则,集成图表生成与标准化模板。

skills/docs-generator/SKILL.md zhaoxuya520/reverse-skill

Trigger Scenarios

写报告 写文档 出报告 writeup 技术文档 report documentation

Install

npx skills add zhaoxuya520/reverse-skill --skill docs-generator -g -y
More Options

Use without installing

npx skills use zhaoxuya520/reverse-skill@docs-generator

指定 Agent (Claude Code)

npx skills add zhaoxuya520/reverse-skill --skill docs-generator -a claude-code -g -y

安装 repo 全部 skill

npx skills add zhaoxuya520/reverse-skill --all -g -y

预览 repo 内 skill

npx skills add zhaoxuya520/reverse-skill --list

SKILL.md

Frontmatter
{
    "name": "docs-generator",
    "description": "Creates task-oriented technical documentation with progressive disclosure. Use when writing READMEs, API docs, architecture docs, or markdown documentation.\nAlso use this skill at the END of any completed reverse engineering, penetration testing, CTF, or security analysis task to generate a formal report in the user's project directory.\nTrigger keywords: 写报告, 写文档, 出报告, writeup, 技术文档, report, documentation."
}

Technical Documentation

ACTION REQUIRED(读完后立刻执行)

  1. NOW:确认当前任务是否命中本 skill 的适用范围
  2. NOW:读取 ../tool-index.md,校验工具可用性和实际路径
  3. NEXT:缺工具时调用 bootstrap,不要猜路径
  4. ACT:进入"工作流"第一步并执行,不要停在确认状态

For writing style, tone, and voice guidance, use Skill(ce:writer) with The Engineer persona.

安全/逆向任务文档输出

当逆向/渗透/CTF/安全分析任务完成后,本 skill 负责在用户项目目录生成正式技术文档。

触发时机

  1. 逆向任务完成,已产出核心结论(算法还原、签名破解、绕过方案等)
  2. 渗透测试完成,已发现并验证漏洞
  3. CTF 题目解出,已拿到 flag
  4. 用户明确要求"写一份报告/文档/writeup"

模板选择

任务类型 使用模板
APK/二进制/so 逆向 references/security-report-templates.md → 逆向工程报告
渗透测试/漏洞挖掘 references/security-report-templates.md → 渗透测试报告
CTF 解题 references/security-report-templates.md → CTF Writeup
JS/Web 签名逆向 references/security-report-templates.md → 签名逆向报告
通用技术文档 references/templates.md → README / API 文档

输出规范

  • 输出位置:用户当前项目目录(不是 skill 包目录)
  • 文件名格式YYYY-MM-DD_[类型]-[目标简称]-report.md
  • 如果项目有 docs/ 目录:优先放在 docs/
  • 编码:UTF-8
  • 语言:跟随用户对话语言(中文对话出中文报告,英文对话出英文报告)

质量要求

  • 所有代码块必须可直接运行或有明确上下文
  • 不要有 placeholder/TODO
  • 关键发现必须有证据支撑
  • 复现步骤必须让第三方能独立重现
  • 敏感信息(真实 token、密码、内部 URL)用占位符替代

图表集成

生成报告时,应在适当位置调用 diagram-generator skill 生成可视化图表:

报告类型 建议图表 图表类型
逆向工程报告 函数调用关系图、数据流图 Mermaid flowchart / sequenceDiagram
渗透测试报告 攻击路径图、网络拓扑图 Mermaid flowchart / Graphviz
CTF Writeup 解题思路流程图 Mermaid flowchart
JS 签名逆向报告 请求链路时序图、算法流程图 Mermaid sequenceDiagram / flowchart

图表以 Mermaid 代码块形式嵌入报告 markdown 中,确保可在 GitHub/GitLab 直接渲染。


Core Principles

1. Progressive Disclosure

Reveal information in layers:

Layer Content User Question
1 One-sentence description What is it?
2 Quick start code block How do I use it?
3 Full API reference What are my options?
4 Architecture deep dive How does it work?

Warnings, breaking changes, and prerequisites go at the TOP.

2. Task-Oriented Writing

<!-- Bad: Feature-oriented -->
## AuthService Class
The AuthService class provides authentication methods...

<!-- Good: Task-oriented -->
## Authenticating Users
To authenticate a user, call login() with credentials:

3. Show, Don't Tell

Every concept needs a concrete example.

Formatting Standards

  • Sentence case headings: "Getting started" not "Getting Started"
  • Max 3 heading levels: Deeper means split the doc
  • Always specify language in code blocks
  • Relative paths for internal links
  • Tables for structured data with 3+ attributes

Quality Checklist

  • Code examples tested and runnable
  • No placeholder text or TODOs
  • Matches actual code behavior
  • Scannable without reading everything
  • Reader knows what to do next

Anti-Patterns

Problem Fix
Wall of text Break up with headings, bullets, code, tables
Buried critical info Warnings/breaking changes at TOP
Missing error docs Always document what can go wrong

Templates

For README, API endpoint, and file organization templates, see references/templates.md.

Related Skills

  • Skill(ce:writer) - Writing style, tone, and voice (load The Engineer persona)
  • Skill(ce:visualizing-with-mermaid) - Architecture and flow diagrams

按需自举(On-Demand Bootstrap)

本 skill 不依赖外部工具,纯文本生成。无需 bootstrap。

如果需要渲染图表嵌入报告,会调用 diagram-generator/ skill。


路由上下文

上游入口: 所有安全/逆向 skill 在任务完成后自动调用本 skill 触发方式:

  • 自动:任务完成后作为行为链第 9 步执行
  • 手动:用户说"写报告"、"出文档"、"writeup"

同级关联模块:

  • apk-reverse/ — APK 逆向完成后生成逆向报告
  • ida-reverse/ — 二进制分析完成后生成逆向报告
  • radare2/ — CLI 分析完成后生成逆向报告
  • js-reverse/ — JS 签名逆向完成后生成签名报告
  • reverse-engineering/ — 通用逆向完成后生成逆向报告
  • field-journal/ — 报告内容同时作为进化日志的数据来源

安全报告模板: references/security-report-templates.md 通用文档模板: references/templates.md

任务完成自检(声称完成前 MUST 通过)

  • 我是否执行了工作流中的每一步(而不是只阅读)?
  • 我是否基于 tool-index 使用了真实工具路径?
  • 我是否产出了可复现证据(命令/脚本/截图/报告)?
  • 我是否完成并回写了 RULES 要求的 Checklist 项?

Version History

  • 1bec1f2 Current 2026-07-05 18:46

Same Skill Collection

CTF-Sandbox-Orchestrator/competition-crypto-mobile/SKILL.md
CTF-Sandbox-Orchestrator/competition-reverse-pwn/SKILL.md
CTF-Sandbox-Orchestrator/competition-stego-media/SKILL.md
CTF-Sandbox-Orchestrator/competition-web-runtime/SKILL.md
CTF-Sandbox-Orchestrator/ctf-sandbox-orchestrator/SKILL.md
skills/apk-reverse/SKILL.md
skills/binary-diff/SKILL.md
skills/browser-automation/SKILL.md
skills/dotnet-reverse/SKILL.md
skills/firmware-pentest/SKILL.md
skills/js-reverse/SKILL.md
skills/patch-diff-exploit/SKILL.md
skills/pentest-tools/SKILL.md
skills/pentest-tools/src-hunter/SKILL.md
skills/pwn-chain/SKILL.md
skills/radare2/SKILL.md
CTF-Sandbox-Orchestrator/competition-ad-certificate-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-agent-cloud/SKILL.md
CTF-Sandbox-Orchestrator/competition-android-hooking/SKILL.md
CTF-Sandbox-Orchestrator/competition-browser-persistence/SKILL.md
CTF-Sandbox-Orchestrator/competition-bundle-sourcemap-recovery/SKILL.md
CTF-Sandbox-Orchestrator/competition-cloud-metadata-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-container-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-custom-protocol-replay/SKILL.md
CTF-Sandbox-Orchestrator/competition-dpapi-credential-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-file-parser-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-firmware-layout/SKILL.md
CTF-Sandbox-Orchestrator/competition-forensic-timeline/SKILL.md
CTF-Sandbox-Orchestrator/competition-graphql-rpc-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-identity-windows/SKILL.md
CTF-Sandbox-Orchestrator/competition-ios-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-jwt-claim-confusion/SKILL.md
CTF-Sandbox-Orchestrator/competition-k8s-control-plane/SKILL.md
CTF-Sandbox-Orchestrator/competition-kerberos-delegation/SKILL.md
CTF-Sandbox-Orchestrator/competition-kernel-container-escape/SKILL.md
CTF-Sandbox-Orchestrator/competition-linux-credential-pivot/SKILL.md
CTF-Sandbox-Orchestrator/competition-lsass-ticket-material/SKILL.md
CTF-Sandbox-Orchestrator/competition-mailbox-abuse/SKILL.md
CTF-Sandbox-Orchestrator/competition-malware-config/SKILL.md
CTF-Sandbox-Orchestrator/competition-oauth-oidc-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-pcap-protocol/SKILL.md
CTF-Sandbox-Orchestrator/competition-prompt-injection/SKILL.md
CTF-Sandbox-Orchestrator/competition-queue-worker-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-race-condition-state-drift/SKILL.md
CTF-Sandbox-Orchestrator/competition-relay-coercion-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-request-normalization-smuggling/SKILL.md
CTF-Sandbox-Orchestrator/competition-runtime-routing/SKILL.md
CTF-Sandbox-Orchestrator/competition-ssrf-metadata-pivot/SKILL.md
CTF-Sandbox-Orchestrator/competition-supply-chain/SKILL.md
CTF-Sandbox-Orchestrator/competition-template-render-path/SKILL.md
CTF-Sandbox-Orchestrator/competition-websocket-runtime/SKILL.md
CTF-Sandbox-Orchestrator/competition-windows-pivot/SKILL.md
skills/diagram-generator/SKILL.md
skills/edr-bypass-re/SKILL.md
skills/ida-reverse/SKILL.md
skills/reverse-engineering/SKILL.md

Metadata

Files
0
Version
1bec1f2
Hash
64edd554
Indexed
2026-07-05 18:46

Главная - Вики-сайт
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-09 01:07
浙ICP备14020137号-1 $Гость$