원클릭으로
zap-triage
Turn OWASP ZAP JSON reports into code-level remediation work for any authorized web application without launching unscoped scans.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Turn OWASP ZAP JSON reports into code-level remediation work for any authorized web application without launching unscoped scans.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Rust/Axum などで SPA 向け OAuth 2.0 / OpenID Connect BFF を実装・レビュー・検証する。ブラウザにアクセストークンやリフレッシュトークンを出さない設計、HttpOnly Cookie セッション、CSRF/CORS/Origin 検証、Hydra などの認可サーバー連携、Playwright でのログイン往復検証を扱うときに使用。
公式翻訳との比較から導出した技術書翻訳の品質基準。翻訳作業時に自動参照。
Build→Test→Feedback→Refineの反復改善ワークフロー。ツール開発時のフィードバックループとOSS検証を支援。
Claude Code TaskList と vibe-ticket の同期。タスク管理の状態を双方向で同期する。
LLM コーディングの 4 大失敗パターン(暗黙の仮定/過剰実装/関係ない箇所への手出し/成功基準の曖昧さ)を抑制するための行動規範。コード生成・編集・リファクタ時に参照。
AWS アカウントの FinOps 調査・コスト削減分析。ReadOnly + MFA 環境での非対話認証突破、Cost Explorer の読み解き罠、RI/SP の誤認パターン、レポート数値の分母混在を避けるための学び集。
| name | zap-triage |
| description | Turn OWASP ZAP JSON reports into code-level remediation work for any authorized web application without launching unscoped scans. |
| argument-hint | ["reports/zap-full.json"] |
| disable-model-invocation | true |
Use this skill after an authorized OWASP ZAP scan has produced JSON output. It is intentionally generic: it can be used with Rust, Rails, Django, Node, Go, Java, or any other web stack as long as the report and source code are available.
Return a compact triage report:
# ZAP triage
## Confirmed
| Risk | Alert | Route | Source | Recommended fix |
| --- | --- | --- | --- | --- |
## Fix Pattern
| Pattern | Vulnerable code shape | Safer code shape |
| --- | --- | --- |
## Needs Manual Check
| Risk | Alert | Why | Next command |
| --- | --- | --- | --- |
## Scan Notes
- Scope:
- Report:
- Exclusions or skipped rules:
- Residual risk:
- Follow-up scan:
Use this prompt shape when invoking the skill manually:
Use zap-triage.
Report: <path-to-zap-json-or-summary>
Application root: <path>
Target URL: <authorized-url>
Task: map High and Medium findings to source code and propose minimal remediations.
Do not run active scans unless I explicitly ask.