vulnerability-validationlisted

# Vulnerability Validation This is a bundled local Bug Hunter companion skill. It strengthens the security-specific parts of the Skeptic/Referee process. ## Purpose Take suspected or confirmed security findings and answer: - Is the vulnerable path reachable? - Can an attacker control the input? - Are there existing mitigations? - How exploitable is it really? - What is the CVSS / PoC / impact level? ## Inputs Prefer Bug Hunter-native artifacts: - `.bug-hunter/findings.json` - `.bug-hunter/threat-model.md` - `.bug-hunter/security-config.json` - `.bug-hunter/dep-findings.json` when dependency issues are involved ## Workflow 1. Read the findings and isolate the security ones. 2. Trace reachability: - EXTERNAL - AUTHENTICATED - INTERNAL - UNREACHABLE 3. Trace exploitability: - EASY - MEDIUM - HARD - NOT_EXPLOITABLE 4. Check for mitigations already present in code, framework behavior, or deployment assumptions. 5. For confirmed HIGH/CRITICAL security bugs, generate: - exploitation path - benign proof of concept - CVSS vector + score 6. Feed the result back into Bug Hunter-native verdicting. ## Outputs When used as a companion to the main pipeline, keep outputs compatible with: - `.bug-hunter/referee.json` - `.bug-hunter/report.md` If a separate validation artifact is helpful for the run, place it under `.bug-hunter/validated-findings.json`. ## Important constraints - This skill validates findings; it does not replace the normal fix pipe