---
name: pentest-evidence-structuring-report-synthesis
description: "Security assessment skill for structuring evidence, deduplicating findings, and producing decision-ready security reports. Use when prompts include write report, consolidate findings, severity ranking, remediation guidance, executive summary, or technical appendix generation. Do not use for live exploit execution, reconnaissance, or payload experimentation tasks."
---

# Evidence Structuring & Report Synthesis

## Activation Triggers (Positive)
- `write report`
- `consolidate findings`
- `severity`
- `remediation`
- `executive summary`
- `evidence table`
- `final deliverable`

## Exclusion Triggers (Negative)
- `run exploit`
- `perform recon`
- `fuzz inputs`
- `live validation`

## Output Schema
- Confirmed findings table: `id`, `title`, `severity`, `confidence`, `impact`
- Evidence map: `finding id` to reproducible proof artifacts
- Remediation plan: prioritized fixes with verification guidance

## Instructions
1. Separate confirmed findings from hypotheses and informational observations.
2. Deduplicate by root cause and attacker capability, not by endpoint count alone.
3. Assign severity from demonstrated impact and exploitability evidence.
4. Keep technical evidence concise, reproducible, and traceable.
5. Produce both technical and executive views from the same canonical evidence.
6. Mark open questions and explicitly state what remains unverified.

## Should Do
- Preserve factual precision and reproducibility in every finding.
- Keep structure stable for machine parsing and downstream tracking.
- Tie remediation to the broken control and observed exploit path.

## Should Not Do
- Do not inflate severity without demonstrated impact.
- Do not merge unrelated root causes into a single finding.
- Do not hide uncertainty; mark assumptions explicitly.