Changelog
Initial release in the security skill pack.
How it works
1. Define scope: Checks arguments or asks what's being tested, test type, and approach
2. Load context: Reads architecture, infrastructure, and existing security docs from the brain
3. Pre-engagement checklist: Legal authorization, environment prep, monitoring notifications
4. Scope document: In-scope targets, out-of-scope systems, test types, known information
5. Flag concerns: Highlights unfixed audit findings and areas with no auth or sensitive data
6. Save: Writes to engineering/security/pentest-prep-<date>.md
Details
- Supports black box, grey box, and white box engagements
- Pre-engagement checklist covers legal, environment, and communication
- References existing threat models and audit findings if available
- Flags areas of concern the testing team should prioritize
- Includes template for rules of engagement