From akira
Generates Markdown penetration test reports from triage.md and session.json, formatting Scalpel-certified findings with executive summaries, severity tables, and kill chain details.
npx claudepluginhub kalpmodi/akiraThis skill uses the workspace's default tool permissions.
Reads `triage.md` (required) and `session.json` to produce a structured report.
Triages pentest findings across phases by running Precision Gate scoring, kill chain completeness checks, severity clustering, and prioritization for Scalpel-format reports.
Generates Markdown audit reports for confirmed smart contract vulnerabilities, including impact, code snippets, and fixes; writes to findings/ files for submission.
Provides CVSS 3.1 vector examples, executive summary template, technical finding template, and remediation language for pentest reports. Useful for drafting security assessments.
Share bugs, ideas, or general feedback.
Reads triage.md (required) and session.json to produce a structured report.
80-90% of content is pre-filled from report_draft.findings[] - this skill formats and narratizes, it does not discover.
Get target and report mode from user if not provided.
Read triage.md (required):
cat ~/pentest-toolkit/results/<target>/triage.md
If missing: stop and tell the user to run /triage <target> first.
Read session.json for Scalpel stats:
SESSION=~/pentest-toolkit/results/<target>/session.json
SCALPEL_SCORE=$(jq -r '.scalpel.snr.scalpel_score // "N/A"' $SESSION 2>/dev/null)
CERTIFIED=$(jq '.report_draft.findings | map(select(.status=="SCALPEL_CERTIFIED")) | length' $SESSION 2>/dev/null)
Read plan.md (optional):
cat ~/pentest-toolkit/results/<target>/plan.md 2>/dev/null
Get today's date:
date +%Y-%m-%d
Write report to ~/pentest-toolkit/results/<target>/report-<YYYY-MM-DD>.md:
# Penetration Test Report: <target>
**Date:** <YYYY-MM-DD>
**Assessor:** Akira / Red Team
---
## Scalpel Assessment Quality
| Metric | Value |
|--------|-------|
| Scalpel Score | <N>/100 |
| Certified Findings (SCL) | <N> |
| False Positives | 0 |
| KCCG Complete | <N>/<N> |
> Every finding below is Scalpel Certified — 5-layer Precision Gate passed,
> full Kill Chain proven, DNA fingerprinted, PoC generated.
---
## Executive Summary
**Scope:** <from plan.md, or "Quick engagement — no scope document recorded">
**Assessment Period:** <date>
<2-3 sentence summary of most critical certified findings and overall risk posture>
**Findings Summary:**
| Severity | SCL Certified | Potential |
|----------|--------------|-----------|
| Critical | <N> | <N> |
| High | <N> | <N> |
| Medium | <N> | <N> |
| Low | <N> | <N> |
---
## Certified Findings
### [SCL-YYYY-NNN] <Title>
SCALPEL CERTIFIED [SCL-YYYY-NNN] Severity: <Critical|High|Medium|Low> KCCG: /5 ( certified) Confidence: / 100 DNA: ... PoC: pocs/_poc.sh
**Severity:** <severity>
**CVSS Estimate:** <score> (AV:N/AC:L/PR:N/UI:N/...)
**Asset:** <affected endpoint>
**Weakness:** CWE-<N> — <name>
**Description:** <what the vulnerability is>
**Kill Chain:**
1. <step 1: technique and action>
2. <step 2: technique and action>
3. <step 3: technique and action>
**Impact:** <business impact — specific: "An attacker can extract AWS IAM credentials and access production S3 buckets containing customer database backups">
**Evidence:**
<direct HTTP response quote or tool output — must be from kill_chain evidence>
**Steps to Reproduce:**
```bash
# See pocs/<SCL-YYYY-NNN>_poc.sh for full reproduction script
# Key commands:
<step 1 command>
<step 2 command>
Remediation:
For each POTENTIAL finding from triage.md:
Status: POTENTIAL — Precision Gate incomplete Failed layers: What's needed to certify: Current evidence: Recommended next step:
Phases Completed: Phases Skipped: <list or "none"> Skills Chain: <skills used, e.g., /recon -> /secrets -> /exploit -> /zerodayhunt> Tools Used: subfinder, dnsx, httpx, nmap, gau, katana, trufflehog, gitleaks, feroxbuster, arjun, dalfox, nuclei, sqlmap, jwt_tool, httpx, naabu Scalpel Architecture: Every finding requires 5-layer Precision Gate + KCCG completeness before certification. Zero hallucinations — no claim without HTTP proof.
| SCL ID | File | Type | Size |
|---|---|---|---|
| pocs/_poc.sh | Bash | - | |
| pocs/_poc.http | Raw HTTP | - |
**Bug Bounty Mode** — if user selected bug bounty format, write `bugbounty-<YYYY-MM-DD>.md` instead with one file per finding:
```markdown
# Bug Report: <Title>
**SCL ID:** SCL-YYYY-NNN
**Severity:** Critical / High / Medium / Low
**CVSS Score:** <score> (<vector string>)
**Asset:** <affected domain/endpoint>
**Weakness:** CWE-<N> - <name>
**DNA:** sha256:<hash>... (unique fingerprint — not a duplicate)
## Summary
<2-3 sentences: what is the vulnerability and what can an attacker do?>
## Kill Chain
1. <step 1>
2. <step 2>
3. <step 3: impact demonstrated>
## Steps to Reproduce
<numbered steps — match kill_chain exactly>
## Impact
<Specific: "An attacker can..." not "data exposure">
## Supporting Evidence
<HTTP proof — exact response fragment from precision gate evidence>
```bash
<PoC command from poc.sh>
<Specific, actionable>
KCCG: /5 - Full kill chain proven Reproducible: Yes (/3 replays) Scalpel Score: /100
7. Tell the user: "Report written to `~/pentest-toolkit/results/<target>/report-<date>.md`."