菜单
PTES-aligned adversarial security audit for backend, frontend, and mobile applications. Produces a CVSS-scored Hacker Report with verified PoCs and phased remediation.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Enforce Red-Team verification and adversarial protocol audit. Use when verifying tasks, performing self-scans, or checking for protocol violations. Load as composite for all sessions.
Probe for hardcoded secrets, injection surfaces, unguarded routes, business logic flaws, and platform-specific weaknesses across backend (Node, Go, Java, Python, Rust), frontend (React, Angular, Vue), and mobile (iOS, Android, Flutter) codebases. Use when performing security audits, vulnerability scans, secrets detection, or penetration testing.
Deep audit of a skills directory against the Skill Creator standard. Produces a scored report and phased remediation plan.
Clarify a rough product or engineering idea into a BRD-lite brief (Why) with measurable business value.
Run an AI-assisted PR code review using multi-layer lenses with confidence scoring.
Review an entire codebase against framework best practices and generate a prioritized improvement plan.
| name | pentest |
| description | PTES-aligned adversarial security audit for backend, frontend, and mobile applications. Produces a CVSS-scored Hacker Report with verified PoCs and phased remediation. |
| metadata | {"triggers":{"keywords":["pentest","workflow"]}} |
[!IMPORTANT] PTES-aligned adversarial security audit for backend, frontend, and mobile applications. Produces a CVSS-scored Hacker Report with verified PoCs and phased remediation.
Optional args: slug=, ticket=<id/url>, mode=interactive|autonomous|channel, channel=, auto_continue=true|false.
When the user asks to perform this workflow, execute the following steps:
Goal: Execute a red-team assessment across backend, frontend, and mobile targets with verified PoCs and audit-grade evidence.
Scope and authorization:
whitebox, greybox, blackbox) and targets.Intel and threat model:
common-security-audit, common-dast-tooling, and architecture docs when available.Vulnerability analysis:
specialist-aspm-correlator, dynamic/logic to specialist-logic-hacker, binary/mobile to specialist-mobile-reverser.exposure × sensitivity × auth_coverage.Exploit verification:
Reporting:
artifacts/security-review.md with assumptions, source provenance, review context, runtime contract, PoCs, blast radius, finding confidence, exploit path, evidence gaps, and handoff notes.artifacts/security-review.dev.md, artifacts/security-review.appsec.md, or artifacts/security-review.exec.md only when leadership, client, or AppSec reporting is in scope.security-review.md record when pentest follows earlier design or PR security review work.| ID | Title | Platform | Severity | CVSS | CWE | PoC |
|---|---|---|---|---|---|---|
| SEC-01 | [title] | [backend|frontend|mobile] | [Critical|High|Medium|Low] | [score] | [CWE-id] | [Yes|No] |