security-disclosure-triage
OfficialTriages advisories to separate real flaws.
Authorsuperagent-ai
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Verify whether an incoming security advisory is a real, disclosable vulnerability in a target repository checkout, and assign an honest severity. Use when triaging an advisory, GHSA, scanner finding, or draft report from the researcher/reporter side to decide if it is worth disclosing. Optimizes against false confirmations and inflated severity.
Core Features & Use Cases
- Reproduces the advisory construct to determine if it maps to a real vulnerability.
- Identifies the crown-jewel asset and the actual guard, reducing false positives.
- Produces structured triage outputs and a recommended disposition with severity calculations.
- Use Case: A security team receives a GHSA draft, and this skill guides evaluation from reproduction to disclosure decision.
Quick Start
Follow the triage framework to assess a new advisory against a target repository checkout and produce a triage report.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: security-disclosure-triage Download link: https://github.com/superagent-ai/skills/archive/main.zip#security-disclosure-triage Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 510,000+ vetted skills library on demand.