santosomar/pt-report-creation
skills/pt-report-creation/SKILL.md
Creates penetration test deliverables for executive and technical audiences, including prioritized findings and remediation plans. Use when drafting, structuring, or finalizing pen test reports from collected evidence.
$ install --global
skillsauthnpx skillsauth add santosomar/ethical-hacking-agent-skills pt-report-creationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 6:21 PM120.1s1 file scanned
SKILL.md
- name:
- pt-report-creation
- description:
- Creates penetration test deliverables for executive and technical audiences, including prioritized findings and remediation plans. Use when drafting, structuring, or finalizing pen test reports from collected evidence.
Pen Test Report Creation
Objectives
- Convert assessment evidence into clear stakeholder-ready reporting.
- Provide technical depth for remediation teams and concise risk framing for leadership.
- Produce actionable remediation and retest guidance.
Workflow
- Collect and normalize evidence:
- Consolidate outputs from all test phases
- Deduplicate related findings and validate source evidence
- Draft executive section:
- Overall risk posture and top business risks
- Key decisions and immediate actions for leadership
- Draft technical findings:
- One finding per issue or exploit chain
- Include affected assets, reproduction summary, impact, and fixes
- Build remediation roadmap:
- Prioritize by exploitability and business impact
- Assign owner, timeline, and verification criteria
- Final QA pass:
- Verify clarity, evidence traceability, and scope alignment
- Remove ambiguity and unsupported claims
Report Template
# Penetration Test Report
## Executive Summary
- Overall security posture:
- Top business risks:
- Immediate leadership actions:
## Scope and Methodology
- In scope:
- Out of scope:
- Test windows and constraints:
- Method summary:
## Findings
### [Finding Title]
- Severity:
- Affected assets:
- Evidence:
- Reproduction summary:
- Technical impact:
- Business impact:
- Remediation:
- Retest criteria:
## Prioritized Remediation Plan
1. [Action] - Owner - Due date - Validation method
2. [Action] - Owner - Due date - Validation method
## Appendix
- Tooling and versions:
- Evidence index:
Quality Checks
- Executive content is concise and non-technical.
- Technical findings are reproducible and evidence-backed.
- Remediation steps are specific, testable, and prioritized.
Related Skills
santosomar/pt-web-application-assessment
development
VerifiedTrustedCommunity
Performs authorized web application and API penetration testing with focus on OWASP-style risks and business logic flaws. Use when assessing websites, web APIs, authentication flows, session handling, and input validation.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-scanning
testing
VerifiedTrustedCommunity
Performs authorized security scanning using static, dynamic, and vulnerability-focused methods. Use when mapping exposed services, profiling application behavior, and identifying known weaknesses for validation.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-post-exploitation
testing
VerifiedTrustedCommunity
Performs authorized post-exploitation activities to assess impact, lateral movement paths, credential exposure, and detection gaps after initial compromise. Use when a foothold has been validated and the test requires controlled impact expansion analysis.
12SKILL.mdUpdated Apr 25, 2026
santosomar/pt-planning-recon
development
VerifiedTrustedCommunity
Defines penetration test scope and performs authorized reconnaissance using passive and active methods. Use when planning a test engagement, collecting target intelligence, building asset inventories, or preparing recon findings.
12SKILL.mdUpdated Apr 25, 2026