Loading...
Loading...
Compare original and translation side by side
skills/ETHICS.mdskills/WHY-NOT-SPAM.mdskills/ETHICS.mdskills/WHY-NOT-SPAM.md"We are aware of and actively investigating a security issue affecting some customer data. (Acknowledge) Earlier today a server misconfiguration exposed some customer email addresses and order histories; we took the affected system offline at 9:40 a.m. (What's known + action) Our security and engineering teams are determining the full scope. (Action) We'll issue our next update by 1:00 p.m. ET. (When more comes) Media: press@company.com. Affected customers: security@company.com. (Where to direct)"
“我们已获悉并正在调查一起影响部分客户数据的安全问题。(确认)今日早些时候,一台服务器配置错误暴露了部分客户的电子邮件地址和订单历史;我们已于上午9:40将受影响系统下线。(已知信息+行动)我们的安全和工程团队正在确定事件的完整范围。(行动)我们将在美东时间下午1:00前发布下一次更新。(后续更新时间)媒体咨询:press@company.com。受影响客户咨询:security@company.com。(咨询渠道)”
C: "We know having your personal information exposed is upsetting, and we're sorry our customers are dealing with this." A: "We took the affected server offline at 9:40 this morning, we're notifying everyone affected, and we've launched a full review of our configurations." P: "The exposed data was limited to email addresses and order histories — no passwords or payment card numbers."
关怀:“我们知道个人信息被暴露会令人不安,对于客户因此遭遇的困扰,我们深表歉意。” 行动:“我们已于今日上午9:40将受影响服务器下线,正在通知所有受影响客户,并已启动对所有配置的全面审查。” 视角:“暴露的数据仅限于电子邮件地址和订单历史——不包含密码或支付卡号。”
"I'm not going to put a number out that I'd have to correct later. We're determining the exact count now and have committed to a full update by 1:00 p.m. What I can confirm: the exposed data was email addresses and order histories, and the system is offline."
“我不会给出一个之后需要修正的数字。我们目前正在确定确切人数,并承诺在下午1:00前发布完整更新。我可以确认的是:暴露的数据是电子邮件地址和订单历史,且涉事系统已下线。”
| Need | Framework | Core move |
|---|---|---|
| First message in minutes | Holding anatomy (1) | Acknowledge / known / action / when-more / where |
| Tone & accountability | SCCT (2) | Classify cluster → deny/diminish/rebuild + bolster |
| Ordering the message | CAP (3) | Concern → Action → Perspective |
| Unknown facts | Legitimate non-answer (4) | Gap + reason + committed update time |
| Hostile interview | Bridge / Flag / Block (5) | Acknowledge → transition to confirmed message |
| Strategic stance | Proactive vs reactive; holding vs full (6) | Steal thunder; never ship "full" on unconfirmed facts |
| 需求 | 框架 | 核心动作 |
|---|---|---|
| 几分钟内发布第一条消息 | 暂存声明结构(1) | 确认/已知信息/行动/后续更新时间/咨询渠道 |
| 语气与问责 | SCCT(2) | 分类别→否认/弱化/重建+强化 |
| 信息排序 | CAP(3) | 关怀→行动→视角 |
| 未知事实 | 合理非答法(4) | 缺口+原因+承诺更新时间 |
| 敌意采访 | 搭桥/标记/阻断(5) | 确认问题→过渡到已确认信息 |
| 战略立场 | 主动vs被动;暂存vs完整(6) | 抢占先机;绝不要基于未确认事实发布“完整”声明 |
| Field | What it is |
|---|---|
| Incident summary | 1-3 plain-English sentences. No marketing language. |
| Incident type | One of: product safety, data security, personnel misconduct, financial irregularity, regulatory, product outage, viral social event, executive statement backlash, third-party action, landmine newsjack, or other. |
| First known at | When the company first learned of it (date and time). |
| Org name | Used exactly as given, never invented. |
| User's role | E.g. head of comms, founder, agency lead. |
| Audience | Any of: press, customers, employees, investors, regulators, partners, public social. |
| Known facts | Bullets the user is certain of and can defend. |
| Unknown or unverified | Explicit gaps. Never assert these in the output. |
| Actions taken so far | Real actions only. |
| Actions committed to | Optional. If absent, make no commitments. |
| People involved | Optional. Only use names with explicit consent. |
| Legal status | One of: no counsel yet, counsel engaged and reviewing, or counsel approved the draft path. |
| Regulatory exposure | Free text, or "none." |
| Media inquiry timing | One of: none yet, inbound within 24h, within 4h, within 1h, or already published. |
| Prior public statement | Optional. The exact text plus when it went out. |
| Tone constraints | Optional. |
I won't draft without the intake. Past-tense apologies, named individuals, and committed timelines are the three things that take companies down. I won't make them up. Walk me through the basics. Two minutes.
[YOU MUST CONFIRM]| 字段 | 说明 |
|---|---|
| 事件摘要 | 1-3句平实的英文句子。不要使用营销话术。 |
| 事件类型 | 以下之一:产品安全、数据安全、人员不当行为、财务违规、监管合规、产品宕机、社交媒体 viral 事件、高管言论 backlash、第三方行动、突发舆情借势(landmine newsjack)或其他。 |
| 首次获悉时间 | 公司首次得知事件的日期和时间。 |
| 组织名称 | 严格按照用户提供的名称使用,绝不自行编造。 |
| 用户角色 | 例如:沟通总监、创始人、代理负责人。 |
| 受众 | 以下任何一种:媒体、客户、员工、投资者、监管机构、合作伙伴、公众社交媒体。 |
| 已知事实 | 用户确定且可以辩护的要点。 |
| 未知或未核实信息 | 明确的信息缺口。绝不要在输出中断言这些内容。 |
| 已采取的行动 | 仅包含真实行动。 |
| 承诺采取的行动 | 可选。如果缺失,不要做出任何承诺。 |
| 涉及人员 | 可选。仅在获得明确同意后使用姓名。 |
| 法律状态 | 以下之一:尚未咨询法律顾问、已聘请法律顾问并正在审核、已获得法律顾问对草稿路径的批准。 |
| 监管风险 | 自由文本,或“无”。 |
| 媒体问询时间 | 以下之一:尚无问询、24小时内将收到问询、4小时内、1小时内、已发布相关报道。 |
| 过往公开声明 | 可选。包含确切文本及发布时间。 |
| 语气限制 | 可选。 |
没有收集到信息我不会起草。过去式道歉、点名个人、承诺时间线是导致公司陷入困境的三大因素。我不会凭空编造。花两分钟告诉我基本情况。
[YOU MUST CONFIRM]undefinedundefined--counsel-review-mode
If `--counsel-review-mode` is set, produce the full output, but put this banner before each statement:
```markdown
**DRAFT - NOT FOR PUBLICATION - FOR COUNSEL REVIEW ONLY - [timestamp]**This draft has been generated for counsel review. It has not been verified, redlined, or cleared. Do not publish, paste into a press response, or send to any external party until counsel has reviewed and approved.--counsel-review-mode
如果设置了`--counsel-review-mode`,生成完整输出,但在每份声明前添加以下横幅:
```markdown
**草稿 - 非公开 - 仅供法律顾问审核 - [时间戳]**本草稿仅供法律顾问审核使用。尚未经过核实、修订或批准。在法律顾问审核并批准前,请勿发布、粘贴到媒体回复中或发送给任何外部方。We are aware of the situation and are reviewing. We will share more as soon as we can confirm it.
我们已获悉相关情况,正在审核。我们会在确认信息后尽快分享更多内容。
| Category | What it covers |
|---|---|
| facts | What, when, where, how many. |
| scope | Who is affected, how many, where. |
| responsibility | Who did this, negligence, foreseeability. |
| remediation | What is being done, when fixed, what changes. |
| people | Spokesperson, discipline, decision owner. |
| timeline | When the company knew, why disclosure timing, what next. |
| legal | Investigations, authorities, suits, regulators. |
| business | Financial impact, churn, partners. |
| 类别 | 涵盖内容 |
|---|---|
| 事实 | 何事、何时、何地、多少。 |
| 范围 | 谁受影响、数量、地点。 |
| 责任 | 谁所为、疏忽、可预见性。 |
| 补救 | 正在做什么、何时修复、有何变化。 |
| 人员 | 发言人、纪律处分、决策负责人。 |
| 时间线 | 公司何时得知、披露时机原因、下一步计划。 |
| 法律 | 调查、当局、诉讼、监管机构。 |
| 业务 | 财务影响、客户流失、合作伙伴。 |
| Situation | Valid until |
|---|---|
| Default | The later of first-known time or now, plus 4 hours. |
| Inbound within 1h, or already published | now + 1 hour. |
| Data security incident with GDPR, CCPA, or HIPAA exposure | now + 2 hours. |
| Landmine newsjack | now + 30 minutes. |
**The situation has likely moved. Do not reuse the prior draft.**
Things that change a holding statement: a new public fact, an inbound from a regulator, a second incident, a leaked internal email, a new named individual, or four hours of elapsed time. Re-state what is currently known. Re-run the gate.| 情况 | 有效期至 |
|---|---|
| 默认 | 首次获悉时间或当前时间中较晚的时间 + 4小时。 |
| 1小时内将收到问询,或已发布相关报道 | 当前时间 + 1小时。 |
| 涉及GDPR、CCPA或HIPAA的数据安全事件 | 当前时间 + 2小时。 |
| 突发舆情借势事件 | 当前时间 + 30分钟。 |
**局势可能已发生变化。请勿重复使用过往草稿。**
会改变暂存声明的因素:新的公开事实、监管机构来访、第二次事件、内部邮件泄露、新的点名人员,或有效期已过。重新说明当前已知信息,重新运行审核关卡。Holding draft - [org name] - [issued at] - valid until [valid until]
Short ([word count] words)
The short statement, in its own block so it is easy to copy.Medium ([word count] words)
The medium statement, in its own block.Cautious legal pass ([word count] words)
The cautious-legal-pass statement, in its own block, followed by a bulleted "Deltas from medium" list.Q&A scaffold
A table: Category, Question, Posture, Rationale, Draft response or holding line.What not to say
A table: Phrase, Reason, Suggested rewrite.Decay
Issued, valid until, and the refresh trigger.Refusals
Any variants you refused and why.
暂存声明草稿 - [组织名称] - [发布时间] - 有效期至 [有效期至]
简短声明([字数]字)
简短声明,单独成块以便复制。中等长度声明([字数]字)
中等长度声明,单独成块。法律顾问审核版([字数]字)
法律顾问审核版声明,单独成块,后跟“与中等长度声明的差异”项目符号列表。问答框架
表格:类别、问题、应对策略、理由、草稿回复或暂存话术。禁忌话术
表格:短语、原因、建议改写。有效期
发布时间、有效期至、更新触发条件。拒绝内容
任何拒绝提供的版本及原因。
--counsel-review-mode--counsel-review-modeNorthgate Security has identified an isolated firmware issue affecting a small number of SL-200 locks. Out of an abundance of caution, we are launching a comprehensive investigation and will issue a fix within 24 hours.
undefinedNorthgate Security已发现影响少量SL-200锁的孤立固件问题。出于谨慎考虑,我们正在启动全面调查,并将在24小时内发布修复方案。
undefined--counsel-review-mode
What the skill caught in the unsafe draft: "isolated" is unverifiable; "small number" is unsupported because total scope is unknown; "out of an abundance of caution" is a banned hedge; "comprehensive investigation" and "fix within 24 hours" are invented.--counsel-review-mode
本工具在不安全草稿中发现的问题:“孤立”无法核实;“少量”因范围未知而无依据;“出于谨慎考虑”是禁用的模糊措辞;“全面调查”和“24小时内发布修复方案”是凭空编造的。Loomwork takes customer security seriously. Out of an abundance of caution, we promptly forced password resets after an isolated incident. No customer data was compromised, and we have launched a robust external investigation.
Loomwork高度重视客户安全。出于谨慎考虑,我们在发生孤立事件后迅速强制重置密码。未泄露客户数据,我们已启动强大的外部调查。
Loomwork detected unauthorized access to a customer database table on May 17 affecting 47,200 accounts. We rotated internal API keys, forced password resets for affected accounts, engaged Mandiant, and notified the Irish Data Protection Commission.Loomwork于5月17日检测到未经授权访问客户数据库表,影响47,200个账户。我们已轮换内部API密钥、强制受影响账户重置密码、聘请Mandiant并通知爱尔兰数据保护委员会。On May 17 at 08:30 UTC, Loomwork detected unauthorized access to a customer database table containing email addresses and bcrypt-hashed passwords for 47,200 accounts. The affected table did not contain payment information, message content, or document content. We do not yet know whether data was exfiltrated.
We rotated all internal API keys by 11:00 UTC that day, forced password resets for affected accounts, engaged Mandiant for forensic review, and notified our DPO and the Irish Data Protection Commission. Password resets are in progress and about 80 percent complete.
We will publish a post-incident write-up within 14 days and notify any user whose data is confirmed exfiltrated within 72 hours of confirmation.5月17日08:30 UTC,Loomwork检测到未经授权访问包含47,200个账户的电子邮件地址和bcrypt哈希密码的客户数据库表。受影响表不包含支付信息、消息内容或文档内容。我们目前尚不清楚数据是否被窃取。
我们已于当日11:00 UTC轮换所有内部API密钥,强制受影响账户重置密码,聘请Mandiant进行取证审查,并通知了我们的DPO和爱尔兰数据保护委员会。密码重置正在进行中,完成约80%。
我们将在14天内发布事件后报告,并在确认数据被窃取后72小时内通知相关用户。On May 17 at 08:30 UTC, Loomwork detected what appears to be unauthorized access to a customer database table containing email addresses and bcrypt-hashed passwords for 47,200 accounts. Based on what we currently know, the affected table did not contain payment information, message content, or document content. We do not yet know whether data was exfiltrated.
We have rotated internal API keys, have begun forcing password resets for affected accounts, and engaged Mandiant for forensic review. We have notified our DPO and the Irish Data Protection Commission.
We will update this statement as our understanding develops.5月17日08:30 UTC,Loomwork检测到似乎是未经授权访问包含47,200个账户的电子邮件地址和bcrypt哈希密码的客户数据库表。基于我们目前所知,受影响表不包含支付信息、消息内容或文档内容。我们目前尚不清楚数据是否被窃取。
我们已轮换内部API密钥,已开始强制受影响账户重置密码,并聘请Mandiant进行取证审查。我们已通知我们的DPO和爱尔兰数据保护委员会。
我们会随着了解的深入更新本声明。| Category | Question | Posture | Rationale | Draft response or holding line |
|---|---|---|---|---|
| facts | When did you detect the access? | answer | Timestamp is confirmed. | We detected it at 08:30 UTC on May 17. |
| scope | How many accounts were affected? | answer | Account count is confirmed. | 47,200 accounts were in the affected table. |
| scope | What data was in the table? | answer | Data categories are confirmed. | Email addresses and bcrypt-hashed passwords. The table did not contain payment information, message content, or document content. |
| responsibility | Was this an attack or a misconfiguration? | decline and name why | Root cause is not confirmed. | Mandiant's forensic review is underway. We'll share findings when we can confirm them. |
| remediation | Have all passwords been reset? | answer | Status is confirmed but incomplete. | Password resets are in progress and about 80 percent complete. |
| legal | Have you notified regulators? | answer | Irish DPC notice is confirmed. | We notified our DPO and the Irish Data Protection Commission. |
| business | Is this material to the business? | decline and name why | The intake does not include materiality facts. | We are not making forward-looking statements at this point. |
| 类别 | 问题 | 应对策略 | 理由 | 草稿回复或暂存话术 |
|---|---|---|---|---|
| 事实 | 你们何时检测到访问? | 回答 | 时间戳已确认。 | 我们在5月17日08:30 UTC检测到。 |
| 范围 | 有多少账户受影响? | 回答 | 账户数量已确认。 | 受影响表中有47,200个账户。 |
| 范围 | 表中有哪些数据? | 回答 | 数据类别已确认。 | 电子邮件地址和bcrypt哈希密码。该表不包含支付信息、消息内容或文档内容。 |
| 责任 | 这是攻击还是配置错误? | 拒绝并说明原因 | 根本原因未确认。 | Mandiant的取证审查正在进行中。我们会在确认后分享结果。 |
| 补救 | 所有密码都已重置吗? | 回答 | 状态已确认但未完成。 | 密码重置正在进行中,完成约80%。 |
| 法律 | 你们已通知监管机构吗? | 回答 | 已确认通知爱尔兰DPC。 | 我们已通知我们的DPO和爱尔兰数据保护委员会。 |
| 业务 | 这对业务有重大影响吗? | 拒绝并说明原因 | 收集的信息不包含重大性事实。 | 我们目前不发表前瞻性声明。 |
| Phrase | Reason | Suggested rewrite |
|---|---|---|
| "takes customer security seriously" | Parodied crisis boilerplate. Demonstrate seriousness with actions. | Name the key rotation, password resets, Mandiant review, and DPC notice. |
| "out of an abundance of caution" | Banned hedge. | State the action and why it was taken. |
| "promptly" | Vague timing. | Use 11:00 UTC if counsel clears it. |
| "isolated incident" | Scope is not fully known. | Omit. |
| "No customer data was compromised" | Exfiltration is unknown. | "We do not yet know whether data was exfiltrated." |
| "robust external investigation" | "Robust" is filler; the firm matters. | "Mandiant forensic review." |
| 短语 | 原因 | 建议改写 |
|---|---|---|
| “高度重视客户安全” | 被嘲讽的危机套话。用行动展现严肃性。 | 提及密钥轮换、密码重置、Mandiant审查和DPC通知。 |
| “出于谨慎考虑” | 禁用的模糊措辞。 | 说明行动及其原因。 |
| “迅速” | 模糊的时间表述。 | 如果法律顾问批准,使用11:00 UTC。 |
| “孤立事件” | 范围尚未完全明确。 | 删除。 |
| “未泄露客户数据” | 数据是否被窃取未知。 | “我们目前尚不清楚数据是否被窃取。” |
| “强大的外部调查” | “强大”是空洞表述;调查公司名称更重要。 | “Mandiant取证审查。” |