Skill

fact-verify

Use when verifying factual claims in security analyses against authoritative sources. Supports CVE claim verification and event investigation verification.

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/secops-factory:fact-verify <ticket-id>

User invocable

Model invocable

Inline context

Default effort

Argument hint<ticket-id>

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Verify factual claims in security documents against authoritative sources. Uses Perplexity MCP when available; falls back to direct web queries when it is not.

SKILL.md

67 lines · ~648 tokens

Stats

LanguageShell

Parent stars0

MaintenanceGood

Last CommitApr 13, 2026

Actions

View Source View Plugin View on GitHub View README

Stats

Actions

Fact Verification

Verify factual claims in security documents against authoritative sources. Uses Perplexity MCP when available; falls back to direct web queries when it is not.

Process

Step 1: Detect Claim Type

CVE verification: if CVE-ID present or claim_type=cve
Event investigation: if investigation document or claim_type=event

Step 2: Extract Verifiable Claims

CVE claims:

CVSS score (verify against NVD)
EPSS score (verify against FIRST API)
KEV status (verify against CISA catalog)
Affected versions (verify against vendor advisory)
Patched versions (verify against vendor advisory)
ATT&CK technique IDs (verify against attack.mitre.org)

Event claims:

IP ownership/ASN (verify via WHOIS/BGP)
Geolocation claims (verify via IP geolocation services)
Threat intelligence associations (verify via threat feeds)
Protocol/port combinations (verify standard assignments)

Step 3: Verify Each Claim

Before verifying any claims, determine research path: try calling any mcp__perplexity__* tool with a simple test. If it fails (unknown tool, MCP error), use WebSearch/WebFetch for ALL claims. Do not retry Perplexity or stop. Announce which path.

For each claim:

If Perplexity is available: query with specific verification question
If Perplexity is not available: use WebSearch or WebFetch to query authoritative APIs directly:
- NVD API for CVSS: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=<CVE-ID>
- FIRST API for EPSS: https://api.first.org/data/v1/epss?cve=<CVE-ID>
- MITRE ATT&CK for technique IDs: https://attack.mitre.org/techniques/<T-ID>/
Cross-reference with authoritative source
Record: claim, source, verification result (Verified/Unverified/Incorrect), research method (perplexity|web-search)
For incorrect claims: document the correct value and source

Step 4: Generate Report

For each claim, output:

Claim text
Source cited
Verification status
Authoritative source and value (if different)
Impact of discrepancy (if any)

Trusted Sources

NVD, CISA KEV, FIRST EPSS, MITRE ATT&CK, vendor security advisories, GitHub advisories.

Security Considerations

Validate CVE ID format before querying
Sanitize ticket IDs to prevent injection
Detect private IPs (cannot verify externally)
Flag unverified claims clearly

fact-verify

Invocation

Context Preview

SKILL.md

fact-verify

Invocation

Context Preview

SKILL.md

Fact Verification

Process

Step 1: Detect Claim Type

Step 2: Extract Verifiable Claims

Step 3: Verify Each Claim

Step 4: Generate Report

Trusted Sources

Security Considerations

Similar Skills

Fact Verification

Process

Step 1: Detect Claim Type

Step 2: Extract Verifiable Claims

Step 3: Verify Each Claim

Step 4: Generate Report

Trusted Sources

Security Considerations

Similar Skills