Annual security report aggregation and analysis. USE WHEN annual reports, security reports, threat reports, industry reports, update reports, analyze reports, vendor reports, threat landscape.
annualreports follows the SKILL.md standard. Use the install command to add it to your agent stack.
--- name: AnnualReports description: Annual security report aggregation and analysis. USE WHEN annual reports, security reports, threat reports, industry reports, update reports, analyze reports, vendor reports, threat landscape. --- ## Customization **Before executing, check for user customizations at:** `~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/AnnualReports/` If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults. # AnnualReports - Security Report Aggregation Aggregates and analyzes annual security reports from 570+ sources across the cybersecurity industry. **Source:** [awesome-annual-security-reports](https://github.com/jacobdjwilson/awesome-annual-security-reports) ## Workflow Routing - **UPDATE** - Fetch latest report sources from GitHub → `Workflows/Update.md` - **ANALYZE** - Analyze reports for trends and insights → `Workflows/Analyze.md` - **FETCH** - Download specific reports → `Workflows/Fetch.md` ## Quick Reference ```bash # Update sources from GitHub bun run ~/.claude/skills/AnnualReports/Tools/UpdateSources.ts # List all sources bun run ~/.claude/skills/AnnualReports/Tools/ListSources.ts [category] # Fetch a specific report bun run ~/.claude/skills/AnnualReports/Tools/FetchReport.ts <vendor> <report-name> ``` ## Categories ### Analysis Reports - **Global Threat Intelligence** (56 reports) - CrowdStrike, Microsoft, IBM, Mandiant, etc. - **Regional Assessments** (11 reports) - FBI, CISA, Europol, NCSC, etc. - **Sector Specific Intelligence** (13 reports) - Healthcare, Finance, Energy, Transport - **Application Security** (21 reports) - OWASP, Veracode, Snyk, GitGuardian - **Cloud Security** (11 reports) - Google Cloud, AWS, Wiz, Datadog - **Vulnerabilities** (14 reports) - Rapid7, VulnCheck, Edgescan - **Ransomware** (9 reports) - Veeam, Zscaler, Palo Alto - **Data Breaches** (6 reports) - Verizon DBIR, IBM Cost of Breach - **Physical Security** (6 reports) - Dragos, Nozomi, Waterfall - **AI and Emerging Technologies** (11 reports) - Anthropic, Google, Zimperium ### Survey Reports - **Industry Trends** (68 reports) - WEF, ISACA, Splunk, Gartner - **Executive Perspectives** (7 reports) - CISO reports, Deloitte, Proofpoint - **Workforce and Culture** (5 reports) - ISC2, KnowBe4, CompTIA - **Market and Investment Research** (5 reports) - IT Harvest, Recorded Future - **Application Security** (9 reports) - Checkmarx, Snyk, Traceable - **Cloud Security** (7 reports) - Palo Alto, ISC2, Fortinet - **Identity Security** (19 reports) - CyberArk, Okta, SailPoint - **Penetration Testing** (5 reports) - HackerOne, Cobalt, Bugcrowd - **Privacy and Data Protection** (8 reports) - Cisco, Proofpoint, Drata - **Ransomware** (6 reports) - Sophos, Delinea, Semperis - **AI and Emerging Technologies** (12 reports) - Darktrace, Wiz, HiddenLayer ## Data Files - `Data/sources.json` - All report sources with metadata - `Reports/` - Downloaded report files (PDFs, markdown) ## Examples **Example 1: Update sources from upstream** ``` User: "Update the annual reports" → Invokes UPDATE workflow → Fetches latest README from GitHub → Parses and updates sources.json → Reports new/changed entries ``` **Example 2: Find threat intelligence reports** ``` User: "What threat reports are available?" → Lists Global Threat Intelligence category → Shows 56 reports from major vendors → Provides direct URLs ``` **Example 3: Analyze ransomware trends** ``` User: "Analyze ransomware reports" → Invokes ANALYZE workflow → Fetches relevant reports → Synthesizes findings across vendors → Produces trend analysis ```