
sast-report

Consolidate all SAST vulnerability results from the sast/ folder into a single final report ranked by severity and confidentiality impact. Reads all *-results.md files and produces sast/final-report.md. Run after all vulnerability detection skills complete. Use when asked to generate a final report, consolidate findings, or summarize security results.
reasonless-throne486/sast-skills · ★ 0 · Data & Documents · score 72
Install: claude install-skill reasonless-throne486/sast-skills
# Final Security Report Generation

You are consolidating all completed SAST vulnerability scan results into a single prioritized security report.

**Prerequisites**: At least one `sast/*-results.md` file must exist. Run the vulnerability detection skills first if they don't.

---

## What to Include

Only include findings with these classifications from each result file:

- `[VULNERABLE]`
- `[LIKELY VULNERABLE]`

Exclude `[NOT VULNERABLE]` and `[NEEDS MANUAL REVIEW]` findings from the main report body (count them only in the summary).

---

## Severity Ranking

Assign each finding a severity tier — **Critical**, **High**, **Medium**, or **Low** — using the table below as your baseline. Adjust up or down based on context (e.g., an IDOR that exposes financial records is High, not Medium).

| Vulnerability Class | Default Severity |
|---------------------|------------------|
| RCE via command injection, eval, or unsafe deserialization | Critical |
| SSTI (Server-Side Template Injection) | Critical |
| SQLi on authentication endpoints | Critical |
| JWT algorithm confusion (alg:none, RS256→HS256) | Critical |
| File upload leading to code execution (webshell) | Critical |
| SQLi with full data extraction capability | High–Critical |
| GraphQL injection (user-controlled operation document enabling unauthorized fields or gateway abuse) | High–Critical |
| XXE with file read or internal SSRF | High–Critical |
| Missing authentication on sensitive endpoints | High–Critical |
| SSRF r
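The consolidation the skill describes, as an added Python example that is not part of the skill or its repository: it filters each results file to `[VULNERABLE]` and `[LIKELY VULNERABLE]`, counts the excluded classifications for the summary, assigns a baseline tier from the table above, and ranks the result. The one-finding-per-bullet line format, the keyword-based tier lookup and the sample files are this example's assumptions; the skill leaves those judgements to the reviewer.

```python
import re
from collections import Counter

# Assumed finding format inside a *-results.md file (the skill does not fix one):
# "- [CLASSIFICATION] title (file:line)". All sample data below is constructed.
FINDING_RE = re.compile(
    r"^\s*[-*]\s*\[(VULNERABLE|LIKELY VULNERABLE|NOT VULNERABLE|NEEDS MANUAL REVIEW)\]\s*(.+?)\s*$")
INCLUDED = {"VULNERABLE", "LIKELY VULNERABLE"}
RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def default_severity(title):
    """Baseline tier from the skill's table, keyed on words in the finding title.
    Keyword matching is this example's simplification; the two context rules
    (SQLi on auth endpoints, IDOR on financial records) mirror the skill's text."""
    t = title.lower()
    if any(k in t for k in ("command injection", "deserializ", "ssti", "alg:none", "webshell")):
        return "Critical"
    if "sqli" in t or "sql injection" in t:
        return "Critical" if ("login" in t or "auth" in t) else "High"
    if any(k in t for k in ("xxe", "missing authentication")):
        return "High"
    if "idor" in t:
        return "High" if "financial" in t else "Medium"
    return "Low"

def parse_results(text):
    """Return [(classification, title)] for every tagged finding in one results file."""
    return [(m.group(1), m.group(2)) for m in map(FINDING_RE.match, text.splitlines()) if m]

def consolidate(result_files):
    """result_files: {filename: markdown text}. Returns (ranked findings, excluded counts)."""
    findings, excluded = [], Counter()
    for name, text in result_files.items():
        for cls, title in parse_results(text):
            if cls in INCLUDED:
                findings.append({"source": name, "classification": cls, "title": title,
                                 "severity": default_severity(title)})
            else:
                excluded[cls] += 1  # counted for the summary only, never listed
    # Critical first; within a tier, confirmed findings ahead of likely ones.
    findings.sort(key=lambda f: (RANK[f["severity"]], f["classification"] != "VULNERABLE"))
    return findings, excluded

def render_report(findings, excluded):
    lines = ["# Final Security Report", "", f"Included findings: {len(findings)}",
             f"Excluded (counted only): {dict(excluded)}", ""]
    lines += [f"- **{f['severity']}** [{f['classification']}] {f['title']} ({f['source']})" for f in findings]
    return "\n".join(lines)

SAMPLE = {  # constructed stand-ins for sast/*-results.md
    "sqli-results.md": "- [VULNERABLE] SQLi on login endpoint (app/auth.py:42)\n- [NOT VULNERABLE] parameterised query in reports\n",
    "idor-results.md": "- [LIKELY VULNERABLE] IDOR exposing financial records (api/invoices.py:17)\n- [NEEDS MANUAL REVIEW] object reference in export\n",
    "xxe-results.md": "- [VULNERABLE] XXE with internal SSRF (parsers/xml.py:8)\n",
}
```

Calling `render_report(*consolidate(SAMPLE))` yields the report text; writing it to `sast/final-report.md` is left to the caller.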