Evidence Structuring & Report Synthesis

Activation Triggers (Positive)

• write report
• consolidate findings
• severity
• remediation
• executive summary
• evidence table
• final deliverable

Exclusion Triggers (Negative)

• run exploit
• perform recon
• fuzz inputs
• live validation

Output Schema

• Confirmed findings table: id, title, severity, confidence, impact
• Evidence map: finding id to reproducible proof artifacts
• Remediation plan: prioritized fixes with verification guidance

Instructions

1. Separate confirmed findings from hypotheses and informational observations.
2. Deduplicate by root cause and attacker capability, not by endpoint count alone.
3. Assign severity from demonstrated impact and exploitability evidence.
4. Keep technical evidence concise, reproducible, and traceable.
5. Produce both technical and executive views from the same canonical evidence.
6. Mark open questions and explicitly state what remains unverified.

Should Do

• Preserve factual precision and reproducibility in every finding.
• Keep structure stable for machine parsing and downstream tracking.
• Tie remediation to the broken control and observed exploit path.

Should Not Do

• Do not inflate severity without demonstrated impact.
• Do not merge unrelated root causes into a single finding.
• Do not hide uncertainty; mark assumptions explicitly.