Incident Response Playbook Generator

verified
Updated May 13, 2026

What this skill does

Creates detailed incident response playbooks tailored to your cloud environment and team structure. Covers detection, containment, eradication, recovery, and post-incident review phases for common cloud security incidents including compromised credentials, data exposure, cryptomining, and unauthorized access.

Example

PROMPT

We need incident response playbooks for our AWS environment. 30 engineers, DevOps + Security team of 4. Incidents we want covered: compromised IAM credentials, S3 data exposure, cryptomining, and unauthorized EC2 instance creation. Output to Notion for runbook hub.

OUTPUT
Incident Response Playbooks — [Company] | AWS

PLAYBOOK SUMMARY

| Incident Type               | Severity | Detection              | Containment Steps    |
|-----------------------------|----------|------------------------|----------------------|
| Compromised IAM credentials | P1       | CloudTrail anomalies   | Disable keys, revoke |
| S3 data exposure            | P1       | GuardDuty, access logs | Block public, notify |
| Cryptomining                | P2       | CPU spikes, GuardDuty  | Isolate instance     |
| Unauthorized EC2 creation   | P2       | CloudTrail, config     | Terminate, block     |

PHASE BREAKDOWN (Compromised Credentials)

Detection: CloudTrail unusual API calls, GuardDuty findings, failed MFA
Containment: Disable access keys, revoke sessions, block IP
Eradication: Rotate credentials, review permissions
Recovery: Validate services, restore least-privilege access
PIR: Root cause, timeline, lessons learned

Generated: Notion runbook pages with tables, checklists, escalation contacts

Required Tools

GitHub
Notion

Compatible Agents

Claude
Cursor
Windsurf
ChatGPT
GitHub Copilot
Any MCP-compatible agent

Add to your agent

Install via CLI:

$ npx skills add webrix-ai/agent-skills --skill incident-response-playbook-generator

Deploy Org-wide

Provision to teams via RBAC
Identity-aware execution
Signed & verified skills
Full audit trail
Auto-bundled with required MCP servers