Skip to main content
在 Manus 中运行任何 Skill
一键导入

sast-finding-validation

星标2
分支1
更新时间2026年7月9日 12:42

Dynamically validate SAST findings against a running target to separate real issues from false positives. Use AFTER the detection skills have produced findings/*.md and you have a reachable, IN-SCOPE, authorized environment. Gathers the credentials/scope needed, runs access-control checks FIRST, then tests each finding in priority order using its Burp-pasteable request, and finally validates the ATTACK CHAINS end-to-end (each primitive handoff). Default posture: PROVE EXISTENCE / FEASIBILITY with a benign PoC — do NOT weaponize or exploit.

安装

用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。

SKILL.md
readonly