CVE Triage & Prioritization -- CVSS 4.0 / SSVC 2.1 / EPSS / CISA KEV

Live Context (auto-populated)

• CISA KEV catalog version: !curl -sf https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json | python3 -c "import sys,json; d=json.load(sys.stdin); print(f'v{d.get(\"catalogVersion\",\"unknown\")} ({d.get(\"count\",\"?\")} entries, updated {d.get(\"dateReleased\",\"unknown\")})')" 2>/dev/null || echo "unavailable -- use WebFetch to query manually"

Frameworks: CVSS 4.0 (FIRST.org), SSVC 2.1 (CERT/CC), EPSS (FIRST.org), CISA KEV Role: SOC Analyst, Security Engineer, vCISO Time: 10-20 min per CVE Output: Prioritized remediation recommendation with SLA assignment, SSVC decision, and business risk context

When to Use

If a target is provided via arguments, focus the review on: $ARGUMENTS

Use this skill when a CVE identifier appears in conversation, when vulnerability scan results (Qualys, Tenable, Rapid7, Snyk, Trivy, Grype) are shared, when a user asks "should we patch this?", or when prioritizing a backlog of vulnerabilities for remediation. This skill converts raw vulnerability data into actionable, SLA-bound remediation decisions.

Do not use when: The task is about writing detection rules (use detection-engineering), performing forensic investigation of an exploited vulnerability (use ir-playbook), or analyzing software composition without CVE context (use sbom-analysis).