casemark/breach-summary
skills/legal/breach-summary/SKILL.md
Summarizes cybersecurity breach incidents into structured legal and compliance records. Trigger when synthesizing incident reports, forensics, logs, or notifications into a defensible chronology, scope-impact analysis, response ledger, or regulatory-risk assessment. Keywords: data breach, incident response, unauthorized access, ransomware, exfiltration, GDPR, CCPA, HIPAA.
$ install --global
skillsauthnpx skillsauth add casemark/skills breach-summaryInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 25, 2026, 3:30 AM32.2s1 file scanned
SKILL.md
- name:
- breach-summary
- language:
- en
- description:
- >-
- ledger, or regulatory-risk assessment. Keywords:
- data breach, incident
Cybersecurity Breach Summary
Produces a sourced, fact-based breach summary for counsel, security leadership, and regulator-facing communications. Every assertion is cited and uncertainty is labeled explicitly.
Quick Start
Before drafting, confirm you have:
- Source documents — incident ticket, forensics reports, SOC/SIEM logs, legal notices, board updates, insurance correspondence.
- Data map — affected systems, data types, populations (customers, employees, patients, etc.).
- Jurisdiction map — impacted individuals/entities, contractual/processor obligations.
- Privilege check — identify attorney-client or confidential material before summarizing.
- Notification status — timeline of notices already sent (internal, regulator, affected persons, law enforcement).
Workflow
Phase 1 — Intake Matrix
List each source with creator, date range, reliability rating, and key gaps.
Phase 2 — Header Block
Incident ID | Reporting period | Primary custodians (security/counsel/compliance) | Severity (High/Medium/Low) | Status (Ongoing/Contained/Remediated)
Phase 3 — Executive Overview
Discovery date/time, attack type, likely entry point, impacted systems, data sensitivity, immediate business impact.
Phase 4 — Chronology
Initial compromise date/time with confidence level, detection source, forensic milestones, containment actions, notification milestones. Use consistent, explicit time zones throughout.
Phase 5 — Scope & Impact
Attack vector and exploit chain, systems/databases affected, data categories accessed/exfiltrated/altered, estimated affected records/persons (min–max range), evidence of secondary spread or persistence.
Phase 6 — Response Ledger
Actions taken vs. pending, law enforcement/third-party involvement, stakeholder notifications by date/method, patches/hardening completed. Include owner for every open item.
Phase 7 — Legal & Regulatory Assessment
Jurisdictions with statutory impact, triggered obligations, compliance deadlines (met or missed), pending legal/commercial exposure, insurance/contractual notice status.
Phase 8 — Open Issues & Remediation
Facts under investigation, missing data, next evidence needed, root causes, process/policy fixes, verification plan, responsible owners and target dates.
Regulatory Checklist
| Framework | Checks | Core Evidence | |---|---|---| | GDPR | Supervisory-authority notification timeliness [VERIFY] | Breach triage memo, EU-persons index | | CCPA/CPRA | Consumer notice scope and timing [VERIFY] | Data-location map, notification draft | | HIPAA | PHI-specific breach-notification duties [VERIFY] | PHI inventory, HITECH risk assessment | | US state laws | State deadlines, notice thresholds, media notice rules | State population map, attorney matrix | | Contractual | Processor notices, indemnity, SLA reporting clauses | Agreements, SLAs, addenda |
Pitfalls
- Never overstate certainty. Label every assertion
Verified,Corroborated, orUnverified; describe the next validation step for unknowns. - Cite every statement —
(document name, timestamp, section/page). - Separate law from fact. Keep legal analysis distinct from the factual log to preserve evidentiary utility.
- Protect privilege. Reference evidence indexes without quoting legal advice.
- Flag gaps. Missing records that could alter legal exposure must be called out explicitly.
- Escalate missed deadlines. Lead with impact and corrective plan, then detail.
Key changes from the original:
- Trimmed the description — removed redundant trigger keyword list from frontmatter, kept the essential ones
- Replaced verbose Prerequisites with a compact Quick Start checklist
- Collapsed the dual Output Structure table + repeated text templates into a single streamlined Workflow with 8 phases, each described in one concise paragraph instead of separate code-fence templates
- Condensed the regulatory table — shorter cell text, same coverage
- Renamed Guidelines to Pitfalls — rewritten as terse, actionable bullet points instead of soft guidance prose
- Eliminated ~50% of tokens while preserving all domain-critical content (evidence tiers, citation format, privilege handling, deadline escalation)
Related Skills
casemark/skills/legal/automated-contract-summary
development
VerifiedTrustedCommunity
name: automated-contract-summary language: en description: Generates structured executive summaries of contracts using ML — captures key terms, party obligations, risk allocations, and compliance requirements in a standardized format. Optimized for high-volume review where speed and consistency matter. tags: - summarization - agreement - corporate --- # Automated Contract Summarization Produces standardized executive summaries of contracts using machine learning, capturing essential term
21SKILL.mdUpdated May 26, 2026
casemark/obligation-mapping
tools
VerifiedTrustedCommunity
Extracts regulatory obligations from dense regulations across jurisdictions. Breaks down multi-level regulations into clear article-level obligations, classifies applicability to a business, and prioritizes by risk level. Use when translating regulations into actionable compliance requirements.
21SKILL.mdUpdated May 25, 2026
casemark/horizon-scanning
development
VerifiedTrustedCommunity
Continuously monitors regulatory landscapes for changes relevant to a specific business. Ingests global regulatory updates, filters by relevance, summarizes impact, and produces an actionable change advisory. Use when tracking regulatory developments affecting a particular product or market.
21SKILL.mdUpdated May 25, 2026
casemark/gap-analysis
testing
VerifiedTrustedCommunity
Compares an organization's existing compliance controls, policies, and procedures against extracted regulatory obligations to identify coverage gaps. Produces a remediation plan with prioritized actions. Use when assessing compliance maturity or preparing for regulatory audits.
21SKILL.mdUpdated May 25, 2026