From akira
Generates Markdown penetration test reports from triage.md and session.json, formatting Scalpel-certified findings with executive summaries, severity tables, and kill chain details.
Slash command: `/akira:report`
Reads `triage.md` (required) and `session.json` to produce a structured report.
80-90% of content is pre-filled from report_draft.findings[] - this skill formats and narratizes, it does not discover.
1. Get target and report mode from user if not provided.
2. Read triage.md (required):
   ```bash
   cat ~/pentest-toolkit/results/<target>/triage.md
   ```
   If missing: stop and tell the user to run /triage <target> first.
3. Read session.json for Scalpel stats:
   ```bash
   SESSION=~/pentest-toolkit/results/<target>/session.json
   # Falls back to "N/A" when the score is absent
   SCALPEL_SCORE=$(jq -r '.scalpel.snr.scalpel_score // "N/A"' "$SESSION" 2>/dev/null)
   # Counts only certified findings; a missing findings array counts as 0
   CERTIFIED=$(jq '(.report_draft.findings // []) | map(select(.status=="SCALPEL_CERTIFIED")) | length' "$SESSION" 2>/dev/null)
   ```
4. Read plan.md (optional):
   ```bash
   cat ~/pentest-toolkit/results/<target>/plan.md 2>/dev/null
   ```
5. Get today's date:
   ```bash
   date +%Y-%m-%d
   ```
6. Write report to ~/pentest-toolkit/results/<target>/report-<YYYY-MM-DD>.md:
# Penetration Test Report: <target>
**Date:** <YYYY-MM-DD>
**Assessor:** Akira / Red Team
---
## Scalpel Assessment Quality
| Metric | Value |
|--------|-------|
| Scalpel Score | <N>/100 |
| Certified Findings (SCL) | <N> |
| False Positives | 0 |
| KCCG Complete | <N>/<N> |
> Every finding below is Scalpel Certified — 5-layer Precision Gate passed,
> full Kill Chain proven, DNA fingerprinted, PoC generated.
---
## Executive Summary
**Scope:** <from plan.md, or "Quick engagement — no scope document recorded">
**Assessment Period:** <date>
<2-3 sentence summary of most critical certified findings and overall risk posture>
**Findings Summary:**
| Severity | SCL Certified | Potential |
|----------|--------------|-----------|
| Critical | <N> | <N> |
| High | <N> | <N> |
| Medium | <N> | <N> |
| Low | <N> | <N> |
---
## Certified Findings
### [SCL-YYYY-NNN] <Title>
```
SCALPEL CERTIFIED [SCL-YYYY-NNN]
Severity: <Critical|High|Medium|Low>
KCCG: /5 ( certified)
Confidence: / 100
DNA: ...
PoC: pocs/_poc.sh
```
**Severity:** <severity>
**CVSS Estimate:** <score> (AV:N/AC:L/PR:N/UI:N/...)
**Asset:** <affected endpoint>
**Weakness:** CWE-<N> — <name>
**Description:** <what the vulnerability is>
**Kill Chain:**
1. <step 1: technique and action>
2. <step 2: technique and action>
3. <step 3: technique and action>
**Impact:** <business impact — specific: "An attacker can extract AWS IAM credentials and access production S3 buckets containing customer database backups">
**Evidence:**
<direct HTTP response quote or tool output — must be from kill_chain evidence>
**Steps to Reproduce:**
```bash
# See pocs/<SCL-YYYY-NNN>_poc.sh for full reproduction script
# Key commands:
<step 1 command>
<step 2 command>
```
**Remediation:**
For each POTENTIAL finding from triage.md:

**Status:** POTENTIAL — Precision Gate incomplete
**Failed layers:**
**What's needed to certify:**
**Current evidence:**
**Recommended next step:**

**Phases Completed:**
**Phases Skipped:** <list or "none">
**Skills Chain:** <skills used, e.g., /recon -> /secrets -> /exploit -> /zerodayhunt>
**Tools Used:** subfinder, dnsx, httpx, nmap, gau, katana, trufflehog, gitleaks, feroxbuster, arjun, dalfox, nuclei, sqlmap, jwt_tool, httpx, naabu
**Scalpel Architecture:** Every finding requires 5-layer Precision Gate + KCCG completeness before certification. Zero hallucinations — no claim without HTTP proof.

| SCL ID | File | Type | Size |
|---|---|---|---|
| | pocs/_poc.sh | Bash | - |
| | pocs/_poc.http | Raw HTTP | - |

**Bug Bounty Mode** — if user selected bug bounty format, write `bugbounty-<YYYY-MM-DD>.md` instead with one file per finding:
```markdown
# Bug Report: <Title>
**SCL ID:** SCL-YYYY-NNN
**Severity:** Critical / High / Medium / Low
**CVSS Score:** <score> (<vector string>)
**Asset:** <affected domain/endpoint>
**Weakness:** CWE-<N> - <name>
**DNA:** sha256:<hash>... (unique fingerprint — not a duplicate)
## Summary
<2-3 sentences: what is the vulnerability and what can an attacker do?>
## Kill Chain
1. <step 1>
2. <step 2>
3. <step 3: impact demonstrated>
## Steps to Reproduce
<numbered steps — match kill_chain exactly>
## Impact
<Specific: "An attacker can..." not "data exposure">
## Supporting Evidence
<HTTP proof — exact response fragment from precision gate evidence>
```bash
<PoC command from poc.sh>
```
<Specific, actionable>

KCCG: /5 - Full kill chain proven
Reproducible: Yes (/3 replays)
Scalpel Score: /100

7. Tell the user: "Report written to `~/pentest-toolkit/results/<target>/report-<date>.md`."
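
The Findings Summary table can be derived mechanically from `report_draft.findings[]`. The following is an added example, not part of the akira skill: it assumes each finding carries a `severity` field (the page only shows `status`), and the sample session data, including the `DISCARDED` status, is constructed.

```python
import json

SEVERITIES = ["Critical", "High", "Medium", "Low"]

# Constructed sample session.json content (not real engagement data).
# The "severity" and "id" field names are assumptions for illustration.
SAMPLE_SESSION = json.dumps({
    "scalpel": {"snr": {"scalpel_score": 87}},
    "report_draft": {"findings": [
        {"id": "SCL-YYYY-001", "severity": "Critical", "status": "SCALPEL_CERTIFIED"},
        {"id": "SCL-YYYY-002", "severity": "high", "status": "SCALPEL_CERTIFIED"},
        {"severity": "High", "status": "POTENTIAL"},
        {"severity": "Medium", "status": "DISCARDED"},  # belongs in neither column
        {"status": "POTENTIAL"},                         # no severity recorded
    ]},
})

def summarize(session_text):
    """Return (score, per-severity counts, findings that could not be placed)."""
    session = json.loads(session_text)
    score = ((session.get("scalpel") or {}).get("snr") or {}).get("scalpel_score", "N/A")
    findings = (session.get("report_draft") or {}).get("findings") or []
    counts = {s: {"certified": 0, "potential": 0} for s in SEVERITIES}
    skipped = []
    for f in findings:
        sev = str(f.get("severity", "")).capitalize()
        column = {"SCALPEL_CERTIFIED": "certified",
                  "POTENTIAL": "potential"}.get(f.get("status"))
        if sev not in counts or column is None:
            skipped.append(f)  # surface these instead of silently dropping them
            continue
        counts[sev][column] += 1
    return score, counts, skipped

def render_table(counts):
    """Render the counts in the report template's Findings Summary layout."""
    rows = ["| Severity | SCL Certified | Potential |",
            "|----------|--------------|-----------|"]
    rows += [f"| {s} | {counts[s]['certified']} | {counts[s]['potential']} |"
             for s in SEVERITIES]
    return "\n".join(rows)

if __name__ == "__main__":
    score, counts, skipped = summarize(SAMPLE_SESSION)
    print(f"Scalpel Score: {score}/100")
    print(render_table(counts))
    print(f"{len(skipped)} finding(s) need manual review before reporting")
```

Findings with an unknown status or missing severity are returned separately so the certified column only ever contains entries marked `SCALPEL_CERTIFIED`.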
npx claudepluginhub kalpmodi/akira