reporting
Exploitation finding documentation — initial access reports, exploit chain documentation, CVSS v4.0 scoring, shell/credential inventory, detection gap analysis.
Best for Penetration testersWorks with GitHubLow risk
⌘source
- author
@PurpleAILAB- language
- Python
★2.1kstars
366forks
Apr 18, 2026
✦overview.md
Key Features
- ·Documents exploitation findings in a structured Markdown template
- ·Assigns CVSS v4.0 scores and vectors for impact assessment
- ·Tracks shells, credentials, and detection gaps
- ·References MITRE ATT&CK techniques and CWE identifiers
- ·Organizes findings by severity and ID in a dedicated directory
Use Cases
- →Writing a detailed report after gaining initial access to a target system
- →Documenting a full exploit chain for a penetration testing engagement
- →Creating a shell and credential inventory following a successful breach
Best for
- ✓Penetration testers
- ✓Red team operators
- ✓Security assessment reporting
Not ideal for
- !General-purpose documentation
- !Non-security-related reporting
FAQs
name
reporting
description
Exploitation finding documentation — initial access reports, exploit chain documentation, CVSS v4.0 scoring, shell/credential inventory, detection gap analysis.
allowed-tools:Read Write
metadata:{"subdomain":"reporting","when_to_use":"write finding, document exploit, exploitation report, access achieved, shell obtained, credential found","tags":"report, exploit, findings, cvss, shells, creds, detection-gap","mitre_attack":"TA0001, TA0002"}
Exploitation Reporting Knowledge Base
Exploitation findings are only operationally useful when documented with enough precision that anyone can reproduce the access, understand the impact, and trace the full attack path. This skill defines how to structure, score, and persist exploitation findings within the Decepticon engagement directory.
1. Exploitation Finding Template
Every successful exploitation MUST produce a finding Markdown file in /workspace/<slug>/findings/ named {severity}-{slugified-title}.md. The id field in YAML frontmatter (FIND-001, FIND-002, ...) is the canonical cross-reference — determine the next ID by counting existing files.
---
id: FIND-001
severity: CRITICAL
cvss_score: 9.3
cvss_vector: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
cwe: CWE-78
mitre: T1190
affected_target: 10.0.1.50
affected_component: "Apache Struts 2.5.30 — /struts2/upload.action"
confidence: confirmed
objective_id: OBJ-EXP-001
phase: initial-access
agent: exploit
detected: false
remediation_priority: immediate
discovered_at: "2026-04-06T14:32:00Z"
---
$install
1-click copynpx skills add PurpleAILAB/Decepticon --skill reportingSafety assessment
★
Clarity score
How clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.
5/ 5
excellentVery clear and well structured, with almost no room for misunderstanding.
◎
Actionability score
How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.
5/ 5
very highHighly actionable with clear, concrete steps that an agent can follow directly.