Back to Details

markup-detection

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Markup Detection

标记检测

When to Use

适用场景

  • Assess whether images or video show signs of tampering, compositing, or inconsistent capture metadata
  • Review documents (Office, PDF) for hidden markup, revision layers, comments, or undisclosed edits
  • Run metadata and provenance checks—EXIF/XMP, file hashes, embedded timestamps, export vs capture mismatches
  • Triage synthetic media and deepfake concerns using observable workflow indicators (not model training)
  • Interpret watermarks, C2PA / content credentials, and publisher attestation claims at a high level
  • Produce investigation memos with confidence tiers, evidence tables, and stated limitations
  • Compare source chain (original upload, reposts, screenshots) when authenticity is disputed
  • 评估图像或视频是否存在篡改、合成或捕获元数据不一致的迹象
  • 检查文档(Office、PDF)中的隐藏标记、修订层、评论或未披露的编辑内容
  • 执行元数据与来源核查——EXIF/XMP、文件哈希值、嵌入时间戳、导出与捕获信息不匹配情况
  • 使用可观测的工作流指标(而非模型训练)排查合成媒体深度伪造相关问题
  • 从宏观层面解读水印C2PA / 内容凭证以及发布者的认证声明
  • 生成包含置信度等级、证据表格和明确限制的调查备忘录
  • 当真实性存在争议时,对比来源链(原始上传、转发、截图)

When NOT to Use

不适用场景

  • Train, fine-tune, or benchmark detection ML models
    ml-research-engineer-safeguards
  • Design cryptographic watermarks, steganography, or signing schemes → 
    cryptographer-specialist
  • Perform full digital forensics with chain-of-custody, disk imaging, or courtroom expert testimony → specialized forensics vendor / 
    digital-forensics-analyst
    (when installed)
  • Conduct authorized offensive security or adversarial AI red teaming → 
    ai-redteam
    , 
    penetration-tester
  • Map findings to audit attestations, SOC 2 opinions, or control effectiveness → 
    auditor
    , 
    compliance-engineer
  • Blockchain-only address tracing, sanctions, or on-chain attribution → blockint / investigation skills unless user adds document/media context
  • Issue legal conclusions on fraud, defamation, or admissibility → counsel; state facts and uncertainty only
  • 训练、微调或基准测试检测类机器学习模型
    ml-research-engineer-safeguards
  • 设计加密水印、隐写术或签名方案 → 
    cryptographer-specialist
  • 执行涉及监管链、磁盘镜像或法庭专家证词的完整数字取证 → 专业取证供应商 / 
    digital-forensics-analyst
    (已安装时)
  • 开展授权攻击性安全测试或对抗性AI红队测试 → 
    ai-redteam
    penetration-tester
  • 将调查结果映射到审计认证、SOC 2意见或控制有效性评估 → 
    auditor
    compliance-engineer
  • 仅基于区块链的地址追踪、制裁或链上归因 → 区块链情报/调查类Skill(除非用户添加文档/媒体相关上下文)
  • 就欺诈、诽谤或证据可采性出具法律结论 → 咨询法律顾问;仅陈述事实与不确定性

Related skills

相关Skill

NeedSkill
IAM, logging, DLP, and control implementation
information-security-engineer
Adversarial testing of LLM apps and copilots
ai-redteam
Crypto signing, PKI, and watermark protocol design
cryptographer-specialist
Internal audit, evidence standards, deficiency write-ups
auditor
Technical control evidence and CCM pipelines
compliance-engineer
Production LLM features and RAG (not media forensics)
ai-engineer
AI governance and risk tiers for synthetic content policy
ai-risk-governance
Disk/memory/log forensics and chain of custody
digital-forensics-analyst
(when installed)
需求Skill
IAM、日志记录、DLP及控制措施实施
information-security-engineer
LLM应用与copilots的对抗性测试
ai-redteam
加密签名、PKI及水印协议设计
cryptographer-specialist
内部审计、证据标准、缺陷报告撰写
auditor
技术控制证据与CCM流水线
compliance-engineer
生产级LLM功能与RAG(非媒体取证)
ai-engineer
合成内容政策的AI治理与风险分级
ai-risk-governance
磁盘/内存/日志取证及监管链管理
digital-forensics-analyst
(已安装时)

Core Workflows

核心工作流

1. Intake and scope

1. 接收与范围界定

  1. Identify asset type (image, video, audio, PDF, Office, email archive, web capture)
  2. Record claimed provenance (author, date, device, platform, original URL)
  3. List decision needed (internal triage, incident response, press review, litigation support prep—not legal advice)
  4. Note constraints (only copies available, re-encoded social video, missing originals)
  5. Select reference files from the table below
TopicReference
Scope and boundaries
references/markup_detection_scope.md
Visual tampering heuristics
references/visual_media_tampering_indicators.md
Documents, EXIF, hashes
references/document_integrity_and_metadata.md
Synthetic media / deepfakes
references/synthetic_media_and_deepfakes.md
Watermarks, C2PA, credentials
references/watermarks_provenance_c2pa.md
Reporting and limits
references/investigation_reporting_and_limits.md
  1. 确定资产类型(图像、视频、音频、PDF、Office、邮件归档、网页捕获内容)
  2. 记录声称的来源(作者、日期、设备、平台、原始URL)
  3. 列出所需决策(内部排查、事件响应、媒体审查、诉讼支持准备——非法律建议)
  4. 标注约束条件(仅能获取副本、经重新编码的社交平台视频、缺失原始文件)
  5. 从下方表格中选择参考文件
主题参考资料
范围与边界
references/markup_detection_scope.md
视觉篡改启发式规则
references/visual_media_tampering_indicators.md
文档、EXIF、哈希值
references/document_integrity_and_metadata.md
合成媒体/深度伪造
references/synthetic_media_and_deepfakes.md
水印、C2PA、凭证
references/watermarks_provenance_c2pa.md
报告与限制
references/investigation_reporting_and_limits.md

2. Preserve and catalog evidence

2. 证据保存与编目

  1. Obtain best available originals; avoid unnecessary re-saving that strips metadata
  2. Compute cryptographic hashes (SHA-256) per file; record filename, size, received time
  3. Capture context screenshots (platform UI, URLs, conversation thread) separately from the asset
  4. Document tool versions used for extraction or enhancement
  5. If chain of custody matters, route to formal forensics—do not improvise custody from this skill alone
  1. 获取最佳可用原始文件;避免不必要的重新保存操作,以防元数据丢失
  2. 为每个文件计算加密哈希值(SHA-256);记录文件名、大小、接收时间
  3. 单独捕获上下文截图(平台UI、URL、对话线程),与资产分离存储
  4. 记录用于提取或增强处理的工具版本
  5. 若监管链至关重要,需转交正式取证流程——仅依靠本Skill无法完成合规的监管链管理

3. Layered analysis

3. 分层分析

Run checks in parallel where possible; corroborate across layers before strong conclusions.
  1. Structural / visual — lighting, shadows, edges, noise, perspective, duplicate regions (see visual reference)
  2. Metadata — EXIF/XMP, container timestamps, software strings, GPS/device fields (see document integrity reference)
  3. Document markup — tracked changes, comments, hidden text, embedded objects (see document integrity reference)
  4. Synthetic-media signals — face boundary, blink cadence, audio-visual sync at workflow level (see synthetic reference)
  5. Attestation — C2PA manifest, publisher credentials, visible watermarks (see watermarks reference)
尽可能并行执行检查;在得出明确结论前,需交叉验证各层结果。
  1. 结构/视觉层面——光线、阴影、边缘、噪点、透视、重复区域(参见视觉参考资料)
  2. 元数据层面——EXIF/XMP、容器时间戳、软件字符串、GPS/设备字段(参见文档完整性参考资料)
  3. 文档标记层面——跟踪更改、评论、隐藏文本、嵌入对象(参见文档完整性参考资料)
  4. 合成媒体信号——人脸边界、眨眼频率、工作流层面的音视频同步性(参见合成媒体参考资料)
  5. 认证层面——C2PA清单、发布者凭证、可见水印(参见水印参考资料)

4. Score and report

4. 评分与报告

  1. Classify each finding: observed fact vs inference vs hypothesis
  2. Assign confidence (High / Medium / Low) per finding with rationale
  3. State alternative explanations (heavy compression, beauty filters, legitimate edits)
  4. Deliver memo using templates in 
    references/investigation_reporting_and_limits.md
  5. Recommend next steps (obtain original, specialist lab, legal review) when confidence is insufficient
  1. 对每个发现进行分类:已观测事实 vs 推论 vs 假设
  2. 为每个发现分配置信度(高/中/低)并说明理由
  3. 列出替代解释(重度压缩、美颜滤镜、合法编辑)
  4. 使用
    references/investigation_reporting_and_limits.md
    中的模板生成备忘录
  5. 当置信度不足时,建议下一步行动(获取原始文件、咨询专业实验室、法律审查)

Quality bar

质量标准

  • Never present heuristic suspicion as definitive proof of manipulation
  • Separate undisclosed editorial markup from malicious tampering when intent is unknown
  • Call out re-encoding, screenshots, and platform transcoding as common false-positive drivers
  • Cite which checks were not run when tooling or access was missing
  • 绝不能将启发式怀疑作为篡改的确凿证据
  • 当意图不明时,需区分未披露的编辑标记恶意篡改
  • 指出重新编码截图平台转码是常见的误报诱因
  • 当因工具或权限限制未执行某些检查时,需明确说明