verify
Fix Verification
Confirm that a security fix actually resolves the reported vulnerability.
Re-runs the specific check -- scanner rule or Claude analysis -- that
originally detected the issue. Outputs a clear verdict: FIXED or STILL
VULNERABLE with explanation. Updates the finding record in .appsec/findings.json.
Supported Flags
Read ../../shared/schemas/flags.md for the full flag specification.
| Flag | Verify Behavior |
|---|---|
| `--scope` | Identifies which findings to verify. Default: all findings with status `fix-applied` in scope. |
| `--depth quick` | Check only the exact location referenced in the finding. |
| `--depth standard` | Check the location + immediate callers and related code paths. |
| `--depth deep` | Standard + verify no variant of the vulnerability was introduced nearby. |
| `--depth expert` | Deep + attempt to construct a proof-of-concept that bypasses the fix. |
| `--severity` | Only verify findings at or above this severity. |