aeondave/external-feedback-triage
knowledge/external-feedback-triage/SKILL.md
Triage external technical feedback before applying it. Use for code reviews, scanner findings, exploit PoC notes, blog advice, LLM suggestions, issue comments, and advisory recommendations. Verifies context fit, evidence, risk, and minimal changes instead of accepting or rejecting feedback performatively.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill external-feedback-triageInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 5, 2026, 4:12 AM122.5s2 files scanned
SKILL.md
- name:
- external-feedback-triage
- description:
- Triage external technical feedback before applying it. Use for code reviews, scanner findings, exploit PoC notes, blog advice, LLM suggestions, issue comments, and advisory recommendations. Verifies context fit, evidence, risk, and minimal changes instead of accepting or rejecting feedback performatively.
- license:
- MIT
- compatibility:
- AgentSkills-compatible review workflow for coding, research, and authorized security assessment.
- author:
- AeonDave
- version:
- 1.0
External Feedback Triage
Treat every external suggestion as a hypothesis until it is checked against the current scope and evidence.
When to activate
- A scanner, reviewer, model, blog, PoC README, advisory, or issue says what to fix or exploit.
- Feedback conflicts with local evidence.
- A requested change feels broad, risky, noisy, or unrelated to the original task.
Triage loop
- Restate feedback in neutral technical terms.
- Check applicability: version, platform, configuration, code path, permissions, and scope.
- Classify severity: critical correctness, security risk, maintainability, style, or preference.
- Verify evidence before acting: reproduction, source citation, local test, or manual replay.
- Choose action: apply, adapt, defer, reject, or ask for clarification.
- Patch minimally when acting; do not bundle unrelated cleanup.
- Report disagreement with evidence when rejecting or narrowing feedback.
Pushback is useful
Do not agree just because feedback sounds authoritative. Push back when:
- it assumes an unsupported threat model
- it requires out-of-scope access or noisy actions
- it solves a different version/configuration
- it adds abstraction without repeated need
- it weakens tests, evidence, or operator safety
Output contract
For non-trivial feedback, return:
- feedback summary
- applicability result
- action taken or rejected
- evidence checked
- remaining risk or follow-up
Resources
Load on demand:
references/review-feedback.md— decision table for reviews, scanner output, advisories, PoCs, and model suggestions.
Related Skills
aeondave/vibe-audit-technique
development
VerifiedTrustedCommunity
White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).
4SKILL.mdUpdated Jun 12, 2026
aeondave/source-review-technique
development
VerifiedTrustedCommunity
Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.
4SKILL.mdUpdated Jun 12, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 12, 2026
aeondave/container-technique
devops
VerifiedTrustedCommunity
Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.
4SKILL.mdUpdated Jun 12, 2026