// Deduplicate, prioritize, and sanity-check a list of raw scanner findings. Use after a dynamic scan completes or when the user asks to review a findings dump. Produces a triaged list with severity adjustments, false-positive calls, and exploitability notes.
Audit authentication and session-management code for common issues — weak JWT config, session fixation, password-handling flaws, insecure cookies, broken OAuth flows, and missing auth checks on routes. Use when the user asks to review auth code or when source-aware scanning targets login/session/token handling.
Turn suspected OS command injection (a parameter that lands in a shell or a child process) into proof of remote code execution via an OAST callback, plus one safe demonstration of follow-on impact (read a file, list users, env dump). Use when a parameter feeds an exec/spawn/system call, when payloads with $(), `` ` ``, `;`, `|`, `&&` cause response differences, or when audit flags CWE-78 / CWE-77. Never sends destructive commands.
Turn a suspected or confirmed authentication/authorization bypass into impact — admin access, session takeover, privilege escalation, or cross-tenant read. Use when you find a missing auth check on a route, a weak JWT verifier, a session cookie that's predictable or reusable across users, a privilege field client-controllable, or an audit finding tagged CWE-287/CWE-863/CWE-639. Walks from probe to admin-equivalent capability and persists a finding with the highest-impact action you reached.
When you find an Insecure Direct Object Reference (a URL/body parameter that lets you read or write another user's object), quantify the blast radius — how many records reachable, what data class, whether write is also unauthorized — and persist a finding sized by real impact rather than by the existence of the flaw. Use when an ID parameter (numeric, UUID, hash, slug) changes the response content across IDs, when CWE-639/CWE-284 was flagged, or when an audit finding hints at object-level access control gaps.
Escalate a suspected or confirmed SQL injection into proof-level data exfiltration. Use when you spot an SQL error in a response, a record from a prior scan flagged a SQLi pattern, or boolean/time differentials indicate the payload reaches the query parser. Walks from probe → confirm → enumerate → exfil with payload-class-aware techniques (in-band, blind boolean, blind time, blind OAST) and ends by persisting a concrete finding with the leaked sample.
Escalate a suspected or confirmed Server-Side Request Forgery into proof of internal-service access — cloud metadata, internal-only APIs, database greetings, or redacted-but-fetchable HTTP. Use when a parameter takes a URL (image proxy, webhook, fetcher, URL preview, PDF render) and the server reaches outbound on your behalf, or when an audit finding tags CWE-918. Confirms reachability via OAST, then walks targeted internal endpoints, ending with a finding sized by the highest-value asset reached.
| name | triage-finding |
| description | Deduplicate, prioritize, and sanity-check a list of raw scanner findings. Use after a dynamic scan completes or when the user asks to review a findings dump. Produces a triaged list with severity adjustments, false-positive calls, and exploitability notes. |
| license | MIT |
| allowed-tools | ["read_file","bash","report_finding"] |
You are triaging scanner findings. The input is a list of raw findings produced by native scanners or earlier agent passes. Your job is to turn that noisy list into a decision-quality report.
For each finding, decide one of:
<script> block that is
JSON-parsed, not executed").Use this rubric. Downgrade if the exploit preconditions are not met.
| Severity | Meaning | Preconditions that DOWNGRADE |
|---|---|---|
| critical | Unauthenticated RCE / auth bypass on primary user path | Requires admin; requires ≥2 other bugs chained |
| high | Auth bypass, stored XSS on primary path, SQLi with data exfil | Requires local access; reflected-only on low-traffic path |
| medium | Reflected XSS, IDOR with limited blast radius, insecure deserialization | Requires elevated role; narrow path |
| low | Info leak without sensitive data, weak TLS config | Covered by WAF / CSP in a way that neutralizes it |
read_file or check the HTTP request/response body. Validate
that the evidence actually demonstrates the issue.report_finding with the adjusted severity and a one-line
rationale in the description (e.g., "Confirmed: payload reflected
un-encoded in /search response body").report_finding. Just list them in
your final message under "Duplicates" with the canonical ID.report_finding with status: false_positive
so the DB reflects the triage decision. Include the reason in
description.report_finding.