tachi-report-assembly

Domain knowledge for PDF security report assembly — artifact detection patterns with tier selection rules, Typst data variable contract with type specifications and image path resolution, and brand asset handling with logo location and fallback rules. Consumed by the report-assembler agent during report generation.

9 stars

Best use case

tachi-report-assembly is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Domain knowledge for PDF security report assembly — artifact detection patterns with tier selection rules, Typst data variable contract with type specifications and image path resolution, and brand asset handling with logo location and fallback rules. Consumed by the report-assembler agent during report generation.

Teams using tachi-report-assembly should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/tachi-report-assembly/SKILL.md --create-dirs "https://raw.githubusercontent.com/davidmatousek/tachi/main/.claude/skills/tachi-report-assembly/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/tachi-report-assembly/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How tachi-report-assembly Compares

Feature / Agenttachi-report-assemblyStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Domain knowledge for PDF security report assembly — artifact detection patterns with tier selection rules, Typst data variable contract with type specifications and image path resolution, and brand asset handling with logo location and fallback rules. Consumed by the report-assembler agent during report generation.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# tachi-report-assembly

PDF security report assembly domain knowledge extracted from the tachi report-assembler agent. This skill provides the artifact detection tables, Typst template interface contract, and brand asset guidelines that the report-assembler uses to transform pipeline artifacts into a professional PDF security assessment booklet.

## Domain Overview

The report assembly pipeline bridges tachi pipeline artifacts (markdown and image files) with a Typst template system to produce a multi-page PDF:

1. **Artifact Detection** -- Identify which pipeline outputs are available in the target directory and select the richest data source tier for findings presentation
2. **Data Extraction** -- Parse markdown artifacts and extract structured data via deterministic Python script
3. **Typst Data Generation** -- Generate a `report-data.typ` file containing all extracted variables as Typst `#let` bindings that the template system imports at compile time
4. **Brand Asset Resolution** -- Locate logo files with dark variant support and compute relative paths for Typst image inclusion

The Typst template system uses a data injection pattern: `main.typ` imports `report-data.typ` and conditionally includes page templates based on artifact availability flags. The agent's responsibility is generating `report-data.typ` with correct variable names, types, and values.

## Loading Table

Reference files are loaded on-demand by the report-assembler agent at specific workflow phases using the Read tool.

| Reference | File | Load When |
|-----------|------|-----------|
| Typst Artifacts | `references/typst-artifacts.md` | Artifact detection phase (Step 1) — determining which pipeline outputs exist and selecting data source tier |
| Typst Template Contract | `references/typst-template-contract.md` | Data generation phase (Step 2) — generating report-data.typ with correct variable bindings |
| Brand Asset Guidelines | `references/brand-asset-guidelines.md` | Brand detection phase (Step 2) — locating and resolving logo paths for cover and footer |

Related Skills

tachi-threat-reporting

9
from davidmatousek/tachi

Domain knowledge for narrative threat report generation — executive summary structure, architecture overview patterns, per-category narrative templates, attack tree construction rules with Mermaid syntax, and reference attack tree examples. Consumed by the threat-report agent during report generation.

tachi-shared

9
from davidmatousek/tachi

Shared reference files consumed by multiple tachi agents. Contains canonical definitions for severity bands, STRIDE+AI categories, and finding format that serve as the single source of truth across the pipeline. Agents Read individual reference files on-demand rather than maintaining inline copies.

tachi-risk-scoring

9
from davidmatousek/tachi

Domain knowledge for quantitative risk scoring — four-dimensional scoring model (CVSS 3.1, exploitability, scalability, reachability), CVSS base vector mappings, composite score formulas, severity band thresholds, and governance field derivation rules. Consumed by the risk-scorer agent during scoring pipeline execution.

tachi-orchestration

9
from davidmatousek/tachi

Domain knowledge for the tachi orchestrator agent: input format detection, DFD classification, trust boundary notation, STRIDE-per-Element dispatch rules, coverage requirements per component type, coverage matrix model, SARIF 2.1.0 generation specification, output schema tables for threats.md, baseline correlation, structural validation checklist, and error handling templates. Loaded on-demand by the orchestrator during specific pipeline phases.

tachi-infographics

9
from davidmatousek/tachi

Domain knowledge for threat infographic generation — infographic specification formats, template-specific section layouts (Baseball Card, System Architecture, Risk Funnel), Gemini API prompt construction rules, and visual design system tokens. Consumed by the threat-infographic agent during specification and image generation.

tachi-control-analysis

9
from davidmatousek/tachi

Domain knowledge for compensating controls analysis — control category definitions with detection patterns, evidence criteria with effectiveness classification, and residual risk calculation with recommendation generation. Loaded on-demand by the control-analyzer agent during codebase scanning and risk assessment phases.

~aod-status

9
from davidmatousek/tachi

On-demand backlog snapshot and lifecycle stage summary. Regenerates BACKLOG.md from GitHub Issues and displays item counts per stage. Use this skill when you need to check backlog status, view stage counts, regenerate BACKLOG.md, or get a lifecycle overview.

~aod-spec

9
from davidmatousek/tachi

Validates specification completeness and quality by checking for mandatory sections, [NEEDS CLARIFICATION] markers, testable criteria, and clear scope boundaries. Use this skill when you need to check if spec is complete, validate specifications, review spec.md, or check specification quality. Ensures specifications are ready for architecture and implementation phases.

~aod-score

9
from davidmatousek/tachi

Re-score an existing idea's ICE rating when circumstances change. Use this skill when you need to re-evaluate ideas, update ICE scores, change idea priority, or re-assess deferred ideas.

~aod-run

9
from davidmatousek/tachi

Full lifecycle orchestrator that chains all 6 AOD stages (Discover, Define, Plan, Build, Deliver, Document) with disk-persisted state for session resilience and governance gates at every boundary. Use this skill when you need to run the full lifecycle, orchestrate stages, resume orchestration, or check orchestration status.

~aod-project-plan

9
from davidmatousek/tachi

Validates architecture documentation completeness by checking for technology stack, API specifications, database schema, security architecture, and alignment with feature specification. Use this skill when you need to check if plan.md is complete before implementation, validate architecture documentation, or review technical plans for completeness.

~aod-plan

9
from davidmatousek/tachi

Plan stage orchestrator that runs all three Plan sub-steps (spec → project-plan → tasks) in sequence with governance gates. Stops on rejection, continues through approvals. Use this skill when you need to run the full Plan stage, navigate planning sub-steps, or resume after a rejection.