| name | vulnerability-triage |
| description | Prioritize and explain security vulnerabilities found by Kai scans with research context |
| version | 1.0.0 |
| author | kai-agent |
| metadata | {"kai":{"tags":["kai","security","triage","vulnerabilities","research"]}} |
Vulnerability Triage
Analyze, prioritize, and contextualize security vulnerabilities discovered by Kai.
When to use
After a security scan completes with findings. This skill goes beyond just listing vulnerabilities, it explains WHY each matters and what the real-world impact could be.
Workflow
1. Gather findings
list_vulnerabilities(executionId) → get all findings
For each finding:
get_vulnerability_details(executionId, exploitId)
2. Categorize by severity and type
Group findings into:
- Critical: Remote code execution, authentication bypass, SQL injection with data access
- High: Privilege escalation, SSRF, stored XSS, insecure deserialization
- Medium: Reflected XSS, CSRF, information disclosure, path traversal
- Low: Missing headers, verbose errors, minor misconfigurations
3. Research context for each finding
For each significant vulnerability:
-
Search for CVE parallels: Use web_search to find similar CVEs
- "CVE [vulnerability type] [framework/language]"
- Check if this is a known pattern with existing advisories
-
Find real-world impact examples: Search for breaches caused by similar vulnerabilities
- "[vulnerability type] breach incident"
- Quantify impact: data records exposed, financial cost, downtime
-
Check framework-specific guidance: Look for official security documentation
- "[framework] security best practices [vulnerability type]"
-
CVSS scoring context: Explain the CVSS vector if provided
- Attack vector (network vs local)
- Complexity (low = easy to exploit)
- Privileges required
- User interaction needed
4. Produce triage report
For each finding, output:
- Title: One-line description
- Severity: Critical/High/Medium/Low with CVSS if available
- Location: File, function, line numbers
- What it is: Plain language explanation
- Why it matters: Real-world impact with examples
- How to fix: Specific, actionable remediation steps
- Priority: Fix now / this sprint / backlog
5. Summary
- Total findings by severity
- Estimated effort to remediate (hours)
- Recommended fix order (risk vs effort matrix)
- Comparison to industry benchmarks if available
Tips
- Always read the actual source code (browse_repository_files, read_repository_files) to understand context around the vulnerability
- Verified exploits (with PoC) are higher confidence than hypothesis-only findings
- Cross-reference with OWASP Top 10 for standardized categorization
- Save triage patterns as memory for this specific codebase