perseusaudit
Use when analyzing components for vulnerabilities (Phase 2 - Parallel Analysis)
| Field | Value |
|---|---|
| name | perseus:audit |
| description | Use when analyzing components for vulnerabilities (Phase 2 - Parallel Analysis) |
This skill executes the Vulnerability Analysis Phase of the Perseus framework. It performs deep-dive white-box analysis on the components identified during the Scan phase.
Goal: Prove the potential for exploitation by finding source-to-sink paths lacking proper defense.
Methodology:
Assign confidence to every finding:
| Confidence | Criteria |
|---|---|
| High | Direct source-to-sink path with clear missing defense and reproducible trigger |
| Medium | Strong path evidence, but one assumption (runtime config/auth state) remains |
| Low | Pattern match only; data flow or trigger path is incomplete |
Prioritize exploit queue in this order:
Launch these 5 agents simultaneously using a single message with multiple Task tool calls:
- innerHTML, eval). Verify context-aware escaping. Flag raw HTML rendering."
- state/nonce in OAuth."

For each agent, enforce this loop:
- zod.parse)
- escapeHtml)

Each agent must produce a specialized report in deliverables/:
- injection_analysis.md
- xss_analysis.md
- auth_analysis.md
- authz_analysis.md
- ssrf_analysis.md

For each finding include:
- High | Medium | Low
- Yes | No (and reason)

Next Step: Proceed to perseus:exploit to verify findings with Proof-of-Concept.