pentest-validation
Pentest Validation
<default_to_action> When validating security findings:
- REQUIRE explicit authorization for target URL
- SCAN with qe-security-scanner (SAST + dependency + secrets)
- ANALYZE with qe-security-reviewer + qe-security-auditor (parallel)
- VALIDATE with qe-pentest-validator (graduated exploitation, parallel per vuln type)
- REPORT only confirmed findings with PoC evidence ("No Exploit, No Report")
- UPDATE exploit playbook with new patterns
Quality Gates:
- Authorization confirmed before ANY exploitation
- Target URL is staging/dev (NOT production)
- Budget cap enforced ($15 default)
- Time cap enforced (30 min default)
- All exploitation attempts logged </default_to_action>
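One way to enforce the quality gates above before each exploitation attempt, as an added example that is not part of the original skill or of the qe-* agents' code. The `Engagement` record, its field names, the per-host environment labels and the `example.test` hosts are assumptions; only the $15 and 30 min defaults come from the list.

```python
import time
from dataclasses import dataclass, field
from urllib.parse import urlsplit

ALLOWED_ENVS = ("staging", "dev")  # per the gate "staging/dev (NOT production)"

@dataclass
class Engagement:
    """Hypothetical authorization record; field names are assumptions."""
    authorized_hosts: dict            # exact host -> environment label from the signed scope
    budget_usd: float = 15.0          # default budget cap from the list above
    time_cap_s: float = 30 * 60       # default time cap from the list above
    spent_usd: float = 0.0
    started: float = field(default_factory=time.monotonic)
    log: list = field(default_factory=list)

    def gate(self, url, est_cost_usd, now=None):
        """Decide whether one attempt may run; every decision is logged."""
        now = time.monotonic() if now is None else now
        # Compare the parsed hostname exactly: substring checks are fooled by
        # userinfo ("staging@prod") and by look-alike suffixes.
        host = (urlsplit(url).hostname or "").lower()
        env = self.authorized_hosts.get(host)
        if env is None:
            verdict = (False, "no authorization on record for host")
        elif env not in ALLOWED_ENVS:
            verdict = (False, f"environment '{env}' is not staging/dev")
        elif now - self.started > self.time_cap_s:
            verdict = (False, "time cap exceeded")
        elif self.spent_usd + est_cost_usd > self.budget_usd:
            verdict = (False, "budget cap exceeded")
        else:
            self.spent_usd += est_cost_usd
            verdict = (True, "ok")
        self.log.append({"t": round(now - self.started, 1), "url": url,
                         "host": host, "allowed": verdict[0], "reason": verdict[1]})
        return verdict

if __name__ == "__main__":
    # Constructed scope and URLs, for illustration only.
    e = Engagement({"staging.example.test": "staging", "www.example.test": "production"})
    for u in ("https://staging.example.test/login", "https://www.example.test/login",
              "https://staging.example.test@www.example.test/"):
        print(u, e.gate(u, est_cost_usd=2.0))
```

Denied attempts are logged alongside allowed ones, so the log shows every request that reached the gate, not only the ones that ran.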