analyze-findings


Skill: Analyze Findings

A finding file bundles all of one rule's results. Read each result's code flow, split the bundle into distinct vulnerabilities, and give each vulnerability a TP/FP verdict on its own evidence.

Inputs

Inputs come from the caller; if one is omitted, fall back to its default. Ask only when a required input is missing and has no sensible default.

  • Findings to triage <findings> — the finding tracking file(s); each bundles all of one rule's SARIF results by their hashes in sarif_hashes.
  • SARIF report <report.sarif> — the raw scan output holding the code-flow traces. Default: .opentaint/results/report.sarif
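The two inputs fit together as follows. This is an added example, not code from the opentaint project: it builds a constructed SARIF report and finding file inline, matches the bundle's hashes to results, and splits the bundle by sink so each distinct vulnerability can get its own verdict. The hash scheme (SHA-256 over the canonical JSON of a result) and the sample paths are assumptions; hashes with no readable code flow are kept apart because they carry no evidence to judge.

```python
import hashlib
import json
from collections import defaultdict

def loc(uri, line):
    """Build one SARIF thread-flow location (constructed sample data)."""
    return {"location": {"physicalLocation": {
        "artifactLocation": {"uri": uri}, "region": {"startLine": line}}}}

def result(rule_id, path):
    """Build one SARIF result whose codeFlow is the given source->sink path."""
    return {"ruleId": rule_id, "codeFlows": [{"threadFlows": [{"locations": path}]}]}

# Constructed report: one rule, three results. Two end at the same sink
# (two paths into one vulnerability); the third reaches a different sink.
SARIF = {"version": "2.1.0", "runs": [{"results": [
    result("sql-injection", [loc("app/views.py", 12), loc("app/db.py", 40)]),
    result("sql-injection", [loc("app/api.py", 57), loc("app/util.py", 9), loc("app/db.py", 40)]),
    result("sql-injection", [loc("app/views.py", 80), loc("app/report.py", 22)]),
]}]}

def result_hash(res):
    """Assumed hash scheme: SHA-256 of the canonical JSON of the result."""
    return hashlib.sha256(json.dumps(res, sort_keys=True).encode()).hexdigest()

# Constructed finding file: bundles every result of the rule plus one stale hash.
FINDING = {"rule": "sql-injection", "sarif_hashes":
           [result_hash(r) for r in SARIF["runs"][0]["results"]] + ["deadbeef"]}

def endpoints(res):
    """Return (source, sink) as 'uri:line' from the result's first thread flow."""
    locs = res["codeFlows"][0]["threadFlows"][0]["locations"]
    def fmt(step):
        pl = step["location"]["physicalLocation"]
        return f"{pl['artifactLocation']['uri']}:{pl['region']['startLine']}"
    return fmt(locs[0]), fmt(locs[-1])

def split_bundle(sarif, finding):
    """Group the bundle into distinct vulnerabilities keyed by sink, one entry per
    traced path; hashes with no matching result or no code flow come back separately."""
    wanted = set(finding["sarif_hashes"])
    by_hash = {}
    for run in sarif["runs"]:
        for res in run["results"]:
            h = result_hash(res)
            if h in wanted and res.get("ruleId") == finding["rule"] and res.get("codeFlows"):
                by_hash[h] = res
    groups = defaultdict(list)
    for h, res in by_hash.items():
        src, sink = endpoints(res)
        groups[sink].append({"hash": h, "source": src})
    return dict(groups), sorted(wanted - set(by_hash))
```

Each key of the returned groups is one vulnerability to judge; its list shows every path reaching that sink, so two results with the same sink are one verdict, not two.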

Workflow

1. One result at a time — STOP checklist

For each hash in the bundle, before any verdict:

Repository: seqra/opentaint