vuln-analysis-expert
WooYun Vulnerability Analysis
Goal
Use the WooYun case library to classify a suspected vulnerability, derive root-cause hypotheses, and shape focused test or remediation guidance.
Guardrails
- Use only for authorized security analysis.
- Prefer evidence-backed hypotheses over speculation.
- Separate reproduction guidance from remediation guidance.
Workflow (short)
- Classify the issue type (e.g., SQLi, XSS, logic, authz).
- Load the matching knowledge file or category set.
- Map observed behavior to known patterns and bypasses.
- Produce: test plan, impact assessment, and remediation notes.
References (load when needed)
- vuln-analysis-expert/knowledge/: deep guides by vulnerability type.
- vuln-analysis-expert/categories/: full case extracts (large).
- vuln-analysis-expert/examples/: sample analyses.
- vuln-analysis-expert/PROGRESS.md: extraction status and coverage.