AnnualReports
Aggregate and analyze annual security reports from major vendors — extract trends, compare threat landscapes year-over-year, produce synthesized threat intelligence summaries. Fetch, list, and update report sources. USE WHEN annual reports, security reports, threat reports, industry reports, vendor reports, threat landscape, fetch report, list sources, update sources.
Best use case
AnnualReports is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Aggregate and analyze annual security reports from major vendors — extract trends, compare threat landscapes year-over-year, produce synthesized threat intelligence summaries. Fetch, list, and update report sources. USE WHEN annual reports, security reports, threat reports, industry reports, vendor reports, threat landscape, fetch report, list sources, update sources.
Teams using AnnualReports should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/AnnualReports/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How AnnualReports Compares
| Feature / Agent | AnnualReports | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Aggregate and analyze annual security reports from major vendors — extract trends, compare threat landscapes year-over-year, produce synthesized threat intelligence summaries. Fetch, list, and update report sources. USE WHEN annual reports, security reports, threat reports, industry reports, vendor reports, threat landscape, fetch report, list sources, update sources.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Marketing
Discover AI agents for marketing workflows, from SEO and content production to campaign research, outreach, and analytics.
AI Agents for Startups
Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
SKILL.md Source
## Customization
**Before executing, check for user customizations at:**
`~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/AnnualReports/`
If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.
## 🚨 MANDATORY: Voice Notification (REQUIRED BEFORE ANY ACTION)
**You MUST send this notification BEFORE doing anything else when this skill is invoked.**
1. **Send voice notification**:
```bash
curl -s -X POST http://localhost:8888/notify \
-H "Content-Type: application/json" \
-d '{"message": "Running the WORKFLOWNAME workflow in the AnnualReports skill to ACTION"}' \
> /dev/null 2>&1 &
```
2. **Output text notification**:
```
Running the **WorkflowName** workflow in the **AnnualReports** skill to ACTION...
```
**This is not optional. Execute this curl command immediately upon skill invocation.**
# AnnualReports - Security Report Aggregation
Aggregates and analyzes annual security reports from 570+ sources across the cybersecurity industry.
**Source:** [awesome-annual-security-reports](https://github.com/jacobdjwilson/awesome-annual-security-reports)
## Workflow Routing
- **UPDATE** - Fetch latest report sources from GitHub (use `Tools/UpdateSources.ts`)
- **ANALYZE** - Analyze reports for trends and insights (use `Tools/ListSources.ts` + content analysis)
- **FETCH** - Download specific reports (use `Tools/FetchReport.ts`)
## Quick Reference
```bash
# Update sources from GitHub
bun run ~/.claude/skills/Security/AnnualReports/Tools/UpdateSources.ts
# List all sources
bun run ~/.claude/skills/Security/AnnualReports/Tools/ListSources.ts [category]
# Fetch a specific report
bun run ~/.claude/skills/Security/AnnualReports/Tools/FetchReport.ts <vendor> <report-name>
```
## Categories
### Analysis Reports
- **Global Threat Intelligence** (56 reports) - CrowdStrike, Microsoft, IBM, Mandiant, etc.
- **Regional Assessments** (11 reports) - FBI, CISA, Europol, NCSC, etc.
- **Sector Specific Intelligence** (13 reports) - Healthcare, Finance, Energy, Transport
- **Application Security** (21 reports) - OWASP, Veracode, Snyk, GitGuardian
- **Cloud Security** (11 reports) - Google Cloud, AWS, Wiz, Datadog
- **Vulnerabilities** (14 reports) - Rapid7, VulnCheck, Edgescan
- **Ransomware** (9 reports) - Veeam, Zscaler, Palo Alto
- **Data Breaches** (6 reports) - Verizon DBIR, IBM Cost of Breach
- **Physical Security** (6 reports) - Dragos, Nozomi, Waterfall
- **AI and Emerging Technologies** (11 reports) - Anthropic, Google, Zimperium
### Survey Reports
- **Industry Trends** (68 reports) - WEF, ISACA, Splunk, Gartner
- **Executive Perspectives** (7 reports) - CISO reports, Deloitte, Proofpoint
- **Workforce and Culture** (5 reports) - ISC2, KnowBe4, CompTIA
- **Market and Investment Research** (5 reports) - IT Harvest, Recorded Future
- **Application Security** (9 reports) - Checkmarx, Snyk, Traceable
- **Cloud Security** (7 reports) - Palo Alto, ISC2, Fortinet
- **Identity Security** (19 reports) - CyberArk, Okta, SailPoint
- **Penetration Testing** (5 reports) - HackerOne, Cobalt, Bugcrowd
- **Privacy and Data Protection** (8 reports) - Cisco, Proofpoint, Drata
- **Ransomware** (6 reports) - Sophos, Delinea, Semperis
- **AI and Emerging Technologies** (12 reports) - Darktrace, Wiz, HiddenLayer
## Data Files
- `Data/sources.json` - All report sources with metadata
- `Reports/` - Downloaded report files (PDFs, markdown)
## Examples
**Example 1: Update sources from upstream**
```
User: "Update the annual reports"
→ Invokes UPDATE workflow
→ Fetches latest README from GitHub
→ Parses and updates sources.json
→ Reports new/changed entries
```
**Example 2: Find threat intelligence reports**
```
User: "What threat reports are available?"
→ Lists Global Threat Intelligence category
→ Shows 56 reports from major vendors
→ Provides direct URLs
```
**Example 3: Analyze ransomware trends**
```
User: "Analyze ransomware reports"
→ Invokes ANALYZE workflow
→ Fetches relevant reports
→ Synthesizes findings across vendors
→ Produces trend analysis
```Related Skills
Utilities
Developer utilities and tools — CLI generation, skill scaffolding, agent delegation, system upgrades, evals, documents, parsing, audio editing, Fabric patterns, Cloudflare infrastructure, browser automation, meta-prompting, and aphorisms. USE WHEN create CLI, build CLI, command-line tool, wrap API, add command, upgrade tier, TypeScript CLI, create skill, new skill, scaffold skill, validate skill, update skill, fix skill structure, canonicalize skill, parallel execution, agent teams, delegate, workstreams, swarm, upgrade, improve system, system upgrade, check Anthropic, algorithm upgrade, mine reflections, find sources, research upgrade, PAI upgrade, eval, evaluate, test agent, benchmark, verify behavior, regression test, capability test, run eval, compare models, compare prompts, create judge, view results, document, process file, create document, convert format, extract text, PDF, DOCX, XLSX, PPTX, Word, Excel, spreadsheet, PowerPoint, presentation, slides, consulting report, large PDF, merge PDF, fill form, tracked changes, redlining, parse, extract, URL, transcript, entities, JSON, batch, YouTube, article, newsletter, Twitter, browser extension, collision detection, detect content type, extract article, extract newsletter, extract YouTube, extract PDF, parse content, clean audio, edit audio, remove filler words, clean podcast, remove ums, cut dead air, polish audio, transcribe, analyze audio, audio pipeline, fabric, fabric pattern, run fabric, update patterns, sync fabric, summarize, threat model pattern, Cloudflare, worker, deploy, Pages, MCP server, wrangler, DNS, KV, R2, D1, Vectorize, browser, screenshot, debug web, verify UI, troubleshoot frontend, automate browser, browse website, review stories, run stories, web automation, meta-prompting, template generation, prompt optimization, programmatic prompt, render template, validate template, prompt engineering, aphorism, quote, saying, find quote, research thinker, newsletter quotes, add aphorism, search aphorisms.
ContentAnalysis
Content extraction and analysis — wisdom extraction from videos, podcasts, articles, and YouTube. USE WHEN extract wisdom, content analysis, analyze content, insight report, analyze video, analyze podcast, extract insights, key takeaways, what did I miss, extract from YouTube.
WriteStory
Layered fiction writing system using Will Storr's storytelling science and rhetorical figures. USE WHEN write story, fiction, novel, short story, book, chapter, story bible, character arc, plot outline, creative writing, worldbuilding, narrative, mystery writing, dialogue, prose, series planning.
USMetrics
US economic indicators. USE WHEN GDP, inflation, unemployment, economic metrics, gas prices. SkillSearch('usmetrics') for docs.
Sales
Sales workflows. USE WHEN sales, proposal, pricing. SkillSearch('sales') for docs.
PAI
Personal AI Infrastructure core. The authoritative reference for how PAI works.
VoiceServer
Voice server management. USE WHEN voice server, TTS server, voice notification, prosody.
THEALGORITHM
Universal execution engine using scientific method to achieve ideal state. USE WHEN complex tasks, multi-step work, "run the algorithm", "use the algorithm", OR any non-trivial request that benefits from structured execution with ISC (Ideal State Criteria) tracking.
System
System maintenance with three core operations - integrity check (find/fix broken references), document session (current transcript), document recent (catch-up since last update). Plus security workflows. USE WHEN integrity check, audit system, document session, document this session, document today, document recent, catch up docs, what's undocumented, check for secrets, security scan, privacy check, OR asking about past work ("we just worked on", "remember when we").
CORE
Personal AI Infrastructure core. AUTO-LOADS at session start. The authoritative reference for how the PAI system works, how to use it, and all system-level configuration. USE WHEN any session begins, user asks about the system, identity, configuration, workflows, security, or any other question about how the PAI system operates.
thinking
Multi-mode analytical and creative thinking — first principles decomposition, iterative depth analysis, creative brainstorming, multi-agent council debates, adversarial red teaming, world threat modeling, and scientific hypothesis testing. USE WHEN first principles, decompose, deconstruct, reconstruct, challenge assumptions, iterative depth, multi-angle, deep exploration, be creative, brainstorm, divergent ideas, tree of thoughts, maximum creativity, technical creativity, idea generation, domain specific, council, debate, perspectives, quick consensus, red team, critique, stress test, adversarial validation, parallel analysis, devil's advocate, threat model, world model, future analysis, test idea, test investment, update models, view models, time horizon, think about, figure out, experiment, iterate, science, hypothesis, define goal, design experiment, quick diagnosis, structured investigation, full cycle.
telos
Life OS and project analysis. USE WHEN TELOS, life goals, projects, dependencies, books, movies. SkillSearch('telos') for docs.