Incident Report Generator — 資安事件通報報告產生器
Generate cybersecurity incident reports in the official Taiwan government format (個人資料侵害事故通報與紀錄表) as `.docx` files.
About this skill
This AI agent skill automates the creation of comprehensive cybersecurity incident reports specifically tailored for Taiwan's regulatory requirements. It produces a `.docx` file structured according to the official **個人資料侵害事故通報與紀錄表** format, mandated by Taiwan's Ministry of Digital Affairs under the Personal Data Protection Act. The report consists of two main parts: a structured government form with specific fields like incident type, affected record count, and countermeasures, and a detailed appendix providing a narrative explanation, company context, incident timeline, and system security architecture. Designed primarily for Claude Code, this skill streamlines the compliance process for organizations operating in Taiwan that experience data breaches or other cybersecurity incidents. It ensures that critical information is presented in the correct format, facilitating timely and accurate notification to regulatory bodies and internal record-keeping. By automating the generation of these complex documents, it reduces manual effort, minimizes errors, and helps organizations meet strict reporting deadlines.
Best use case
The primary use case is for organizations, especially those operating or handling data in Taiwan, that need to report cybersecurity incidents or data breaches to the government. It benefits compliance officers, IT security teams, and legal departments by providing a standardized, pre-formatted document that meets local regulatory requirements, ensuring adherence to the Personal Data Protection Act.
A fully formatted `.docx` file containing a Taiwan government-compliant cybersecurity incident report, including a structured form and a detailed explanatory appendix, ready for review and submission.
Practical example
Example input
I need to generate a cybersecurity incident report for a data breach in Taiwan. The incident involved the leakage of 500 customer email addresses and phone numbers. It occurred on 2023-10-26, discovered on 2023-10-27. We are preparing to notify affected individuals next week via email.
Example output
A file named `Taiwan_Incident_Report_YYYYMMDD.docx` has been generated. It contains the **個人資料侵害事故通報與紀錄表** with Part 1 filled with the provided details on the 500 leaked records (general personal data), incident type '洩漏' (leakage), and Part 2 outlining the summary, company's relation, a basic timeline, and placeholder sections for system security architecture, encryption, API security, and monitoring details.
When to use this skill
- When a cybersecurity incident or data breach occurs affecting personal data in Taiwan.
- To generate an official government notification form (個人資料侵害事故通報與紀錄表).
- When needing to report a data breach to Taiwan's Ministry of Digital Affairs.
- To create a structured incident report for internal records or external communication in the Taiwan context.
When not to use this skill
- For reporting incidents to regulatory bodies outside of Taiwan.
- When the incident is not related to personal data or cybersecurity (e.g., physical damage, financial fraud without data breach).
- If the required output format is not a `.docx` file or differs significantly from the specified Taiwan government template.
- For preliminary incident logging or real-time incident response activities that don't involve formal report generation.
How Incident Report Generator — 資安事件通報報告產生器 Compares
| Feature / Agent | Incident Report Generator — 資安事件通報報告產生器 | Standard Approach |
|---|---|---|
| Platform Support | Claude | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Easy | N/A |
Frequently Asked Questions
What does this skill do?
Generate cybersecurity incident reports in the official Taiwan government format (個人資料侵害事故通報與紀錄表) as `.docx` files.
Which AI agents support this skill?
This skill is designed for Claude.
How difficult is it to install?
The installation complexity is rated as easy. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Incident Report Generator — 資安事件通報報告產生器
Generate cybersecurity incident reports in the official Taiwan government format (個人資料侵害事故通報與紀錄表) as `.docx` files.
This skill is designed for [Claude Code](https://docs.anthropic.com/en/docs/claude-code) and follows the notification format required by Taiwan's Ministry of Digital Affairs (數位發展部) under the Personal Data Protection Act (個人資料保護法).
## When to Use
Use this skill when the user asks to:
- Create a cybersecurity incident report (資安事件報告)
- Generate a government notification form (通報表)
- Write an incident report for a Taiwan regulatory body
- Respond to a data breach notification requirement
- Create a 個人資料侵害事故通報 document
Trigger words: "incident report", "資安事件", "通報", "個資事件", "data breach report", "事故報告", "通報表"
## Report Format
The report follows Taiwan's official **個人資料侵害事故通報與紀錄表** format, consisting of two parts:
### Part 1: 個人資料侵害事故通報與紀錄表 (Government Form)
A structured table form with these fields:
- **事業名稱** / **通報機關**: Company name and receiving agency
- **通報時間**: Notification timestamp
- **通報人**: Reporter name, title, phone, email, address
- **事件發生時間**: When the incident occurred
- **事件發生種類**: Incident type checkboxes (竊取/洩漏/竄改/毀損/滅失/其他)
- **個資侵害之總筆數**: Number of records affected (一般個/特種個)
- **發生原因及事件摘要**: Cause and summary
- **損害狀況**: Damage assessment
- **個資侵害可能結果**: Possible consequences
- **擬採取之因應措施**: Planned countermeasures
- **擬採通知當事人之時間及方式**: Notification plan for affected individuals
- **72小時通報**: Whether reported within 72 hours
### Part 2: 附錄 — 說明文件 (Detailed Explanation)
The appendix follows this section structure:
1. **一、事件摘要** — What happened, when, scope
2. **二、與本公司之關聯** — How the company is connected to the incident
3. **三、事件時間軸** — Chronological table of events and response actions
4. **四、本公司系統安全架構說明** — Technical security overview:
   - 4.1 基礎架構 (Infrastructure)
   - 4.2 加密與金鑰管理 (Encryption & Key Management)
   - 4.3 API 安全 (API Security)
   - 4.4 監控與威脅偵測 (Monitoring & Threat Detection)
   - 4.5 入侵偵測與防禦 (IDS/IPS)
   - 4.6 存取控制 (Access Control)
5. **五、系統排查報告** — Audit results table (item, scope, result)
6. **六、結論** — Key conclusions
7. **七、後續措施** — Follow-up actions
## Document Formatting Specifications
### Page Setup
- **Page size**: A4 (21.00 cm × 29.70 cm)
- **Margins**: Top 1.45 cm, Bottom 2.45 cm, Left 1.99 cm, Right 1.95 cm
### Fonts
- **Government form (Part 1)**: 楷體 (Kai), 14pt
- **Appendix headings (Heading 2)**: Default heading font, 14pt
- **Appendix sub-headings (Heading 3)**: Default heading font, 12pt
- **Body text**: Calibri, ~11pt
### Tables
- **Government form**: 3-column table with merged cells, bordered
- **Timeline table**: 2 columns (時間, 事件)
- **Audit results table**: 4 columns (項次, 排查項目, 排查範圍, 結果)
## How to Generate
Use the Python script at the skill directory's `generate.py`.
### Steps
1. **Gather information** from the user. Ask for anything not provided:
   - Incident description (what happened)
   - Date of incident
   - Company's relationship to the incident
   - Whether any company data was actually breached
   - Reporter contact info
   - Receiving agency
2. **Run the generator**:
```bash
python3 generate.py --output /path/to/output.docx --config /path/to/config.json
```
Or call the `generate_report()` function directly from Python with a config dict.
3. **Config JSON structure** (all fields optional, defaults provided):
```json
{
  "company_name": "Your Company Name",
  "receiving_agency": "數位發展部數位產業署",
  "report_date": "2026-03-09",
  "report_time": "12:00",
  "reporter": {
    "name": "Reporter Name",
    "title": "Job Title",
    "phone": "0900-000000",
    "email": "security@example.com",
    "address": "Company Address"
  },
  "incident_date": "2026-03-07",
  "incident_type": "其他",
  "incident_type_note": "Description of incident type",
  "records_affected": "Description of affected records",
  "general_records": 0,
  "special_records": 0,
  "cause_summary": "Brief cause description or '請參考底部附錄'",
  "damage": "Damage assessment",
  "possible_consequences": "Possible consequences description",
  "countermeasures": "Countermeasures or '請參考底部附錄'",
  "notification_plan": "How affected individuals will be notified",
  "within_72_hours": true,
  "within_72_hours_reason": "Reason if not within 72 hours",
  "appendix": {
    "title": "Event Name — Company Incident Report",
    "doc_nature": "資安事件通報說明",
    "sections": {
      "summary": "Full event summary paragraph...",
      "relation": "How your company relates to the incident...",
      "relation_conclusion": "Key conclusion about company involvement...",
      "relation_details": [
        "Detail point 1...",
        "Detail point 2..."
      ],
      "timeline": [
        ["2026/03/07 06:45", "Event description"],
        ["2026/03/07 AM", "Response action"]
      ],
      "security_architecture": {
        "intro": "Company platform description...",
        "standards_intro": "Standards compliance intro...",
        "standards": ["PCI DSS Level 1...", "ISO 27001...", "ISO 27701..."],
        "subsections": {
          "4.1 基礎架構": ["Infrastructure point 1", "Infrastructure point 2"],
          "4.2 加密與金鑰管理": ["Encryption point 1", "Encryption point 2"],
          "4.3 API 安全": ["API security point 1"],
          "4.4 監控與威脅偵測": ["Monitoring point 1"],
          "4.5 入侵偵測與防禦": {
            "intro": "IDS/IPS description...",
            "items": ["IDS item 1", "IDS item 2"]
          },
          "4.6 存取控制": {
            "system_title": "System-level Access Control (IAM)",
            "system_items": ["IAM point 1", "IAM point 2"],
            "app_title": "Application-level Access Control (RBAC)",
            "app_items": ["RBAC point 1", "RBAC point 2"]
          }
        }
      },
      "audit_procedures": [
        "Internal procedure reference 1",
        "Internal procedure reference 2"
      ],
      "audit_results": [
        ["Audit Item Name", "Audit Scope", "Result"],
        ["Another Audit Item", "Another Scope", "No anomalies"]
      ],
      "audit_conclusion": "Overall audit conclusion...",
      "conclusions": [
        "Conclusion point 1...",
        "Conclusion point 2..."
      ],
      "follow_up": [
        "Follow-up action 1...",
        "Follow-up action 2..."
      ]
    }
  }
}
```
4. **Review and adjust** the generated document as needed.
## Customization
### Security Architecture
The `security_architecture` section in the config supports these subsection formats:
**Simple list** (for 4.1–4.4):
```json
"4.1 基礎架構": ["Point 1", "Point 2"]
```
**Intro + items** (for 4.5):
```json
"4.5 入侵偵測與防禦": {
  "intro": "Overview paragraph...",
  "items": ["Detail 1", "Detail 2"]
}
```
**Dual-section** (for 4.6):
```json
"4.6 存取控制": {
  "system_title": "System-level title",
  "system_items": ["Item 1"],
  "app_title": "App-level title",
  "app_items": ["Item 1"]
}
```
### Audit Results
The audit results table accepts rows of `[item_name, scope, result]`:
```json
"audit_results": [
  ["GuardDuty Threat Detection", "System threat detection", "No anomalies"],
  ["CloudTrail API Audit", "All API access logs", "No unauthorized access"]
]
```
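A pre-flight check for the config structure and subsection formats described above, as an added example that is not part of the skill's own code. `validate_config` and `SAMPLE` are hypothetical names, and the date check assumes the `YYYY-MM-DD` / `HH:MM` forms shown in the sample config. Because every field is optional, only fields that are present are checked.

```python
from datetime import datetime

INCIDENT_TYPES = {"竊取", "洩漏", "竄改", "毀損", "滅失", "其他"}  # checkbox values listed in Part 1
DUAL_KEYS = {"system_title", "system_items", "app_title", "app_items"}

def _is_str_list(value):
    return isinstance(value, list) and all(isinstance(v, str) for v in value)

def _subsection_ok(value):
    """Accept the three documented shapes: simple list, intro + items, dual-section."""
    if _is_str_list(value):
        return True
    if isinstance(value, dict) and set(value) in ({"intro", "items"}, DUAL_KEYS):
        return all(_is_str_list(v) if k.endswith("items") else isinstance(v, str)
                   for k, v in value.items())
    return False

def validate_config(cfg):
    """Return a list of problems; an empty list means nothing inconsistent was found."""
    problems = []
    if "incident_type" in cfg and cfg["incident_type"] not in INCIDENT_TYPES:
        problems.append("incident_type is not one of the form's checkbox values")
    for key in ("general_records", "special_records"):
        v = cfg.get(key, 0)
        if isinstance(v, bool) or not isinstance(v, int) or v < 0:
            problems.append(f"{key} must be a non-negative integer")
    if cfg.get("within_72_hours") is False and not str(cfg.get("within_72_hours_reason") or "").strip():
        problems.append("within_72_hours is false but within_72_hours_reason is empty")
    if "incident_date" in cfg and "report_date" in cfg:
        try:
            incident = datetime.strptime(cfg["incident_date"], "%Y-%m-%d")
            stamp = f'{cfg["report_date"]} {cfg.get("report_time", "23:59")}'
            if datetime.strptime(stamp, "%Y-%m-%d %H:%M") < incident:
                problems.append("report_date is earlier than incident_date")
        except (TypeError, ValueError):
            problems.append("dates must be YYYY-MM-DD and report_time HH:MM")
    sections = cfg.get("appendix", {}).get("sections", {})
    for name, width in (("timeline", 2), ("audit_results", 3)):
        for i, row in enumerate(sections.get(name, [])):
            if not (_is_str_list(row) and len(row) == width):
                problems.append(f"{name}[{i}] must be a list of {width} strings")
    subs = sections.get("security_architecture", {}).get("subsections", {})
    problems += [f"subsection {k!r} has an unsupported shape" for k, v in subs.items() if not _subsection_ok(v)]
    return problems

# Constructed sample with deliberate mistakes (not taken from the project).
SAMPLE = {"incident_type": "外洩", "general_records": -5, "within_72_hours": False,
          "incident_date": "2026-03-07", "report_date": "2026-03-06",
          "appendix": {"sections": {"audit_results": [["CloudTrail API Audit", "All API access logs"]],
              "security_architecture": {"subsections": {"4.5 入侵偵測與防禦": {"intro": "x"}}}}}}
```

Running `validate_config` on the loaded JSON before generating the document surfaces mismatches such as a short audit row or an unexplained late notification while they are still cheap to fix.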
## Common Audit Items for AWS-based Systems
These are typical items to include in the audit results table:
1. GuardDuty 威脅偵測紀錄 — System threat detection
2. GuardDuty IAM 異常連線偵測 — IAM credential anomaly detection
3. Security Hub 安全態勢檢查 — Unified security posture
4. CloudTrail API 呼叫稽核 — Full API access audit
5. WAF 日誌分析 — Web Application Firewall logs
6. Database 資料存取紀錄 — Database read/write operations
7. Lambda/Function 執行日誌 — Compute function execution logs
8. Secrets Manager 存取紀錄 — Secret access audit
9. KMS 金鑰使用紀錄 — Encryption key usage audit
## Common Internal Procedure References
Typical information security management procedures to reference:
- Network Security Management (網路安全管理程序)
- Access Control Management (存取控制管理程序)
- Information Security Incident Management (資訊安全事件管理程序)
- Personal Data Management (個人資料管理程序)
- Incident Notification & Crisis Management (資訊安全事件通報及危機處理作業說明書)
- Account & Password Management (帳號及密碼管理要點)
- Firewall Management (防火牆管理作業說明書)
- Encryption Key Management (加密金鑰管理作業說明書)
## Compliance Standards
Common standards to reference in reports:
- **PCI DSS** (Payment Card Industry Data Security Standard) — for payment processing
- **ISO 27001** (ISMS) — Information Security Management System
- **ISO 27701** (PIMS) — Privacy Information Management System
- **Taiwan PDPA** (個人資料保護法) — Personal Data Protection Act