name	perseus:audit
description	Use when analyzing components for vulnerabilities (Phase 2 - Parallel Analysis)

Perseus Audit (Phase 2)

Overview

This skill executes the Vulnerability Analysis Phase of the Perseus framework. It performs deep-dive white-box analysis on the components identified during the Scan phase.

Goal: Prove the potential for exploitation by finding source-to-sink paths lacking proper defense.

Methodology:

Launch 5 Agents in Parallel: Injection, XSS, Auth, Authz, SSRF.
Negative Analysis Loop: Trace Source -> Sanitizers -> Sink -> Verdict.
Exploit Queue: Generate actionable vulnerabilities for verification.

Confidence Scoring (Required)

Assign confidence to every finding:

Confidence	Criteria
High	Direct source-to-sink path with clear missing defense and reproducible trigger
Medium	Strong path evidence, but one assumption (runtime config/auth state) remains
Low	Pattern match only; data flow or trigger path is incomplete

Prioritize exploit queue in this order:

High + Critical/High severity
Medium + Critical/High severity
Remaining findings

Execution Instructions

Launch these 5 agents simultaneously using a single message with multiple Task tool calls:

Injection Analyst:
- "Trace untrusted input to SQL/Command sinks. Verify if sanitization matches sink context. Flag string concatenation in queries."
XSS Specialist:
- "Trace input to browser sinks (innerHTML, eval). Verify context-aware escaping. Flag raw HTML rendering."
Auth Specialist:
- "Analyze login/session logic. Check for bypasses, weak tokens, and missing MFA. Verify state/nonce in OAuth."
Authz Specialist:
- "Analyze permission checks (RBAC/ABAC). Check for IDOR and Privilege Escalation. Verify every protected route has a guard."
SSRF Specialist:
- "Trace input to outbound request sinks. Verify URL validation and allowlists. Check for local network access."

Analysis Methodology (The "Negative Analysis" Loop)

For each agent, enforce this loop:

Trace Source: Identify where untrusted data enters (from Scan phase).
Trace Flow: Follow variables through functions, middleware, and transforms.
Identify Sink: Where does the data end up? (DB, Screen, Log, Shell).
Verify Defense:
- Is there validation? (e.g., zod.parse)
- Is there sanitization? (e.g., escapeHtml)
- Is it parameterized? (e.g., Prepared Statements)
Verdict:
- VULNERABLE: Path exists + Defense missing/mismatched. -> Add to Exploit Queue
- SAFE: Defense is robust. -> Document as Secure

Output Requirements

Each agent must produce a specialized report in deliverables/:

injection_analysis.md
xss_analysis.md
auth_analysis.md
authz_analysis.md
ssrf_analysis.md

For each finding include:

Finding ID
Source -> Sink Path
Missing or Mismatched Defense
Preconditions
Confidence: High | Medium | Low
Exploit Candidate: Yes | No (and reason)

Next Step: Proceed to perseus:exploit to verify findings with Proof-of-Concept.

name	perseus:audit
description	Use when analyzing components for vulnerabilities (Phase 2 - Parallel Analysis)

Perseus Audit (Phase 2)

Overview

This skill executes the Vulnerability Analysis Phase of the Perseus framework. It performs deep-dive white-box analysis on the components identified during the Scan phase.

Goal: Prove the potential for exploitation by finding source-to-sink paths lacking proper defense.

Methodology:

Launch 5 Agents in Parallel: Injection, XSS, Auth, Authz, SSRF.
Negative Analysis Loop: Trace Source -> Sanitizers -> Sink -> Verdict.
Exploit Queue: Generate actionable vulnerabilities for verification.

Confidence Scoring (Required)

Assign confidence to every finding:

Confidence	Criteria
High	Direct source-to-sink path with clear missing defense and reproducible trigger
Medium	Strong path evidence, but one assumption (runtime config/auth state) remains
Low	Pattern match only; data flow or trigger path is incomplete

Prioritize exploit queue in this order:

High + Critical/High severity
Medium + Critical/High severity
Remaining findings

Execution Instructions

Launch these 5 agents simultaneously using a single message with multiple Task tool calls:

Injection Analyst:
- "Trace untrusted input to SQL/Command sinks. Verify if sanitization matches sink context. Flag string concatenation in queries."
XSS Specialist:
- "Trace input to browser sinks (innerHTML, eval). Verify context-aware escaping. Flag raw HTML rendering."
Auth Specialist:
- "Analyze login/session logic. Check for bypasses, weak tokens, and missing MFA. Verify state/nonce in OAuth."
Authz Specialist:
- "Analyze permission checks (RBAC/ABAC). Check for IDOR and Privilege Escalation. Verify every protected route has a guard."
SSRF Specialist:
- "Trace input to outbound request sinks. Verify URL validation and allowlists. Check for local network access."

Analysis Methodology (The "Negative Analysis" Loop)

For each agent, enforce this loop:

Trace Source: Identify where untrusted data enters (from Scan phase).
Trace Flow: Follow variables through functions, middleware, and transforms.
Identify Sink: Where does the data end up? (DB, Screen, Log, Shell).
Verify Defense:
- Is there validation? (e.g., zod.parse)
- Is there sanitization? (e.g., escapeHtml)
- Is it parameterized? (e.g., Prepared Statements)
Verdict:
- VULNERABLE: Path exists + Defense missing/mismatched. -> Add to Exploit Queue
- SAFE: Defense is robust. -> Document as Secure

Output Requirements

Each agent must produce a specialized report in deliverables/:

injection_analysis.md
xss_analysis.md
auth_analysis.md
authz_analysis.md
ssrf_analysis.md

For each finding include:

Finding ID
Source -> Sink Path
Missing or Mismatched Defense
Preconditions
Confidence: High | Medium | Low
Exploit Candidate: Yes | No (and reason)

Next Step: Proceed to perseus:exploit to verify findings with Proof-of-Concept.

perseusaudit

Perseus Audit (Phase 2)

Overview

Confidence Scoring (Required)

Execution Instructions

Analysis Methodology (The "Negative Analysis" Loop)

Output Requirements

同仓库更多 Skills

同仓库更多 Skills

Perseus Audit (Phase 2)

Overview

Confidence Scoring (Required)

Execution Instructions

Analysis Methodology (The "Negative Analysis" Loop)

Output Requirements