santosomar/pt-analysis-reporting
skills/pt-analysis-reporting/SKILL.md
Produces penetration test reports with executive summary, technical findings, and remediation guidance. Use when consolidating test evidence, prioritizing risk, and preparing stakeholder-ready deliverables.
$ install --global
skillsauthnpx skillsauth add santosomar/ethical-hacking-agent-skills pt-analysis-reportingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 6:19 PM141.2s1 file scanned
SKILL.md
- name:
- pt-analysis-reporting
- description:
- Produces penetration test reports with executive summary, technical findings, and remediation guidance. Use when consolidating test evidence, prioritizing risk, and preparing stakeholder-ready deliverables.
Pen Test Analysis and Reporting
Objectives
- Translate technical outcomes into business risk.
- Provide reproducible technical detail for remediation teams.
- Deliver prioritized, actionable fixes with retest criteria.
Workflow
- Consolidate evidence:
- Gather outputs from recon, scanning, exploitation, and persistence testing
- Normalize severity/risk ratings and remove duplicates
- Build executive narrative:
- Overall security posture
- Top risks and likely business impact
- Immediate leadership actions
- Build technical findings:
- One finding per vulnerability or attack path
- Include evidence, reproduction path, and affected assets
- Define remediation plan:
- Tactical fixes (short term)
- Structural improvements (long term)
- Ownership and retest requirements
- Final QA:
- Validate evidence links
- Ensure claims are supportable and scope-accurate
Report Template
# Penetration Test Report
## Executive Summary
- Overall risk posture:
- Highest-priority risks:
- Recommended executive actions:
## Methodology and Scope
- Scope:
- Test windows:
- Constraints:
- Stages performed:
## Technical Findings
### Finding: [Title]
- Severity:
- Affected assets:
- Evidence:
- Reproduction summary:
- Impact:
- Remediation:
- Retest steps:
## Prioritized Remediation Roadmap
1. [Action] - Owner - Target date
2. [Action] - Owner - Target date
## Appendix
- Tools and versions:
- Evidence inventory:
Quality Checks
- Every finding maps to evidence and scope.
- Remediation is specific, testable, and owned.
- Executive summary avoids jargon and states business risk clearly.
Related Skills
santosomar/pt-web-application-assessment
development
VerifiedTrustedCommunity
Performs authorized web application and API penetration testing with focus on OWASP-style risks and business logic flaws. Use when assessing websites, web APIs, authentication flows, session handling, and input validation.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-scanning
testing
VerifiedTrustedCommunity
Performs authorized security scanning using static, dynamic, and vulnerability-focused methods. Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-report-creation
testing
VerifiedTrustedCommunity
Creates penetration test deliverables for executive and technical audiences, including prioritized findings and remediation plans. Use when drafting, structuring, or finalizing pen test reports from collected evidence.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-post-exploitation
testing
VerifiedTrustedCommunity
Performs authorized post-exploitation activities to assess impact, lateral movement paths, credential exposure, and detection gaps after initial compromise. Use when a foothold has been validated and the test requires controlled impact expansion analysis.
12SKILL.mdUpdated Apr 25, 2026