fix: replace word-split tags with domain-specific cybersecurity tags

Three SKILL.md files had tags that were simply words split from the skill name (e.g., "analyzing", "block", "with", "logs") rather than meaningful discovery keywords. Replace with domain-specific terms that agents and search tools can actually use for routing. - analyzing-powershell-script-block-logging: [powershell, script-block-logging, event-id-4104, obfuscation-detection, windows-forensics, endpoint-security] - analyzing-azure-activity-logs-for-threats: [azure, cloud-security, azure-monitor, kql, threat-hunting, activity-logs] - analyzing-memory-forensics-with-lime-and-volatility: [memory-forensics, linux-forensics, lime, volatility, incident-response, kernel-modules] Co-Authored-By: Claude Code <noreply@anthropic.com>
2026-06-10 13:14:55 +03:00 · 2026-04-21 00:35:35 +00:00
parent 888bbe4c6e
commit fbc47b7ac2
3 changed files with 16 additions and 10 deletions
@@ -8,10 +8,12 @@ description: 'Queries Azure Monitor activity logs and sign-in logs via azure-mon
 domain: cybersecurity
 subdomain: security-operations
 tags:
- analyzing
 - azure
- activity
- logs
+- cloud-security
+- azure-monitor
+- kql
+- threat-hunting
+- activity-logs
 version: '1.0'
 author: mahipal
 license: Apache-2.0
@@ -8,10 +8,12 @@ description: 'Performs Linux memory acquisition using LiME (Linux Memory Extract
 domain: cybersecurity
 subdomain: security-operations
 tags:
- analyzing
- memory
- forensics
- with
+- memory-forensics
+- linux-forensics
+- lime
+- volatility
+- incident-response
+- kernel-modules
 version: '1.0'
 author: mahipal
 license: Apache-2.0
@@ -6,10 +6,12 @@ description: Parse Windows PowerShell Script Block Logs (Event ID 4104) from EVT
 domain: cybersecurity
 subdomain: security-operations
 tags:
- analyzing
 - powershell
- script
- block
+- script-block-logging
+- event-id-4104
+- obfuscation-detection
+- windows-forensics
+- endpoint-security
 version: '1.0'
 author: mahipal
 license: Apache-2.0