reporting

Reporting — Final Security Report

Assemble report.md from findings-confirmed.json (or, when scope.exploit == false, from findings-candidates.json, clearly labeling findings as UNVALIDATED).

`report.md` structure:

Executive Summary — target, scope, dates, count by severity.
Findings — one section per finding: title, severity, confidence, affected endpoint/param, reproduction (copy-paste PoC), evidence, impact, remediation.
Out of scope / not confirmed — candidates that could not be proven.
Methodology — phases run and tools used.

Sort findings by severity (critical→low). Include only confirmed findings in the main Findings section when exploitation ran. Write to pentest-workspace/<run-id>/report.md.

Reporting — Final Security Report

Assemble report.md from findings-confirmed.json (or, when scope.exploit == false, from findings-candidates.json, clearly labeling findings as UNVALIDATED).

`report.md` structure:

Executive Summary — target, scope, dates, count by severity.
Findings — one section per finding: title, severity, confidence, affected endpoint/param, reproduction (copy-paste PoC), evidence, impact, remediation.
Out of scope / not confirmed — candidates that could not be proven.
Methodology — phases run and tools used.

Sort findings by severity (critical→low). Include only confirmed findings in the main Findings section when exploitation ran. Write to pentest-workspace/<run-id>/report.md.

Invocation

Context Preview

SKILL.md

reporting

Invocation

Context Preview

SKILL.md

Reporting — Final Security Report

`report.md` structure:

Similar Skills

Reporting — Final Security Report

`report.md` structure:

Similar Skills

reporting

Invocation

Context Preview

SKILL.md

reporting

Invocation

Context Preview

SKILL.md

Reporting — Final Security Report

report.md structure:

Similar Skills

Reporting — Final Security Report

report.md structure:

Similar Skills

`report.md` structure:

`report.md` structure: