with▌

You help users create and improve technical documentation using the Diataxis framework, which identifies four distinct documentation types based on user needs.

This skill encodes the design philosophy behind Family — a product widely praised for feeling alive, welcoming, and intentional. Originally documented by Benji Taylor at benji.org/family-values.

Routing skill for all Streamlit development tasks: app creation, editing, debugging, styling, optimization, and deployment. \n \n Routes to specialized sub-skills based on task type: performance optimization, dashboard building, design improvement, widget selection, theming, layouts, data display, multi-page apps, session state, chat UI, custom components, and Snowflake integration \n Includes a workflow for locating Streamlit source files, identifying entry points ( streamlit_app.py , app.py ),

Configure rsyslog for centralized log collection with TLS encryption, custom templates, and log rotation. Generates server and client configuration files with GnuTLS stream drivers, x509 certificate authentication, per-host log segregation, and reliable queue settings for high-availability syslog infrastructure.

Uses Rekall memory forensics framework to analyze memory dumps for process hollowing, injected code via VAD anomalies, hidden processes, and rootkit detection. Applies plugins like pslist, psscan, vadinfo, malfind, and dlllist to extract forensic artifacts from Windows memory images. Use during incident response memory analysis.

Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics, attribute distributions, threat actor galaxy clusters, and tag trends over time. Uses PyMISP to pull event data, compute IOC type breakdowns, identify top threat actors and malware families, and generate threat landscape reports with temporal trends.

Build an append-only log integrity chain using SHA-256 hash chaining for tamper detection. Each log entry is hashed with the previous entry's hash to create a blockchain-like structure where modifying any entry invalidates all subsequent hashes. Implements log ingestion, chain verification, tamper detection with pinpoint identification, and periodic checkpoint anchoring to external timestamping services.

Performs statistical analysis of Zeek conn.log connection intervals to detect C2 beaconing patterns. Uses the ZAT library to load Zeek logs into Pandas DataFrames, calculates inter-arrival time standard deviation, and flags periodic connections with low jitter. Use when hunting for command-and-control callbacks in network data.

Executes Atomic Red Team tests for MITRE ATT&CK technique validation using the atomic-operator Python framework. Loads test definitions from YAML atomics, runs attack simulations, and validates detection coverage. Use when testing SIEM detection rules, validating EDR coverage, or conducting purple team exercises.

Practical guidance for building effective AI applications using techniques from 60 product leaders and practitioners. \n \n Covers core prompting patterns: few-shot examples, decomposition for complex tasks, self-criticism, and context placement for cache efficiency \n Emphasizes architecture decisions over prompt tuning: context engineering, RAG data preparation, layered model supervision, and specialized models for specific tasks \n Provides evaluation frameworks: mandatory evals with binary P