pentest-evidence-structuring-report-synthesis
"Security assessment skill for structuring evidence, deduplicating findings, and producing decision-ready security reports. Use when prompts include write report, consolidate findings, severity ranking, remediation guidance, executive summary, or technical appendix generation. Do not use for live exploit execution, reconnaissance, or payload experimentation tasks."
Install
npx skillscat add crtvrffnrt/skills/pentest-evidence-structuring-report-synthesis Install via the SkillsCat registry.
SKILL.md
Evidence Structuring & Report Synthesis
Activation Triggers (Positive)
write reportconsolidate findingsseverityremediationexecutive summaryevidence tablefinal deliverable
Exclusion Triggers (Negative)
run exploitperform reconfuzz inputslive validation
Output Schema
- Confirmed findings table:
id,title,severity,confidence,impact - Evidence map:
finding idto reproducible proof artifacts - Remediation plan: prioritized fixes with verification guidance
Instructions
- Separate confirmed findings from hypotheses and informational observations.
- Deduplicate by root cause and attacker capability, not by endpoint count alone.
- Assign severity from demonstrated impact and exploitability evidence.
- Keep technical evidence concise, reproducible, and traceable.
- Produce both technical and executive views from the same canonical evidence.
- Mark open questions and explicitly state what remains unverified.
Should Do
- Preserve factual precision and reproducibility in every finding.
- Keep structure stable for machine parsing and downstream tracking.
- Tie remediation to the broken control and observed exploit path.
Should Not Do
- Do not inflate severity without demonstrated impact.
- Do not merge unrelated root causes into a single finding.
- Do not hide uncertainty; mark assumptions explicitly.
Install
npx skillscat add crtvrffnrt/skills/pentest-evidence-structuring-report-synthesis Install via the SkillsCat registry.