By name: vulnerability-validation description: Validate security findings for exploitability, reachability, and real-world impact using Bug Hunter-native findings artifacts. Use after security scans, before patch generation, or whenever the user wants confirmation that a suspected vulnerability is actually exploitable.
Vulnerability Validation
This is a bundled local Bug Hunter companion skill. It strengthens the security-specific parts of the Skeptic/Referee process.
Purpose
Take suspected or confirmed security findings and answer:
- Is the vulnerable path reachable?
- Can an attacker control the input?
- Are there existing mitigations?
- How exploitable is it really?
- What is the CVSS / PoC / impact level?
Inputs
Prefer Bug Hunter-native artifacts:
.bug-hunter/findings.json.bug-hunter/threat-model.md.bug-hunter/security-config.json.bug-hunter/dep-findings.jsonwhen dependency issues are involved
Workflow
- Read the findings and isolate the security ones.
- Trace reachability:
- EXTERNAL
- AUTHENTICATED
- INTERNAL
- UNREACHABLE
- Trace exploitability:
- EASY
- MEDIUM
- HARD
- NOT_EXPLOITABLE
- Check for mitigations already present in code, framework behavior, or deployment assumptions.
- For confirmed HIGH/CRITICAL security bugs, generate:
- exploitation path
- benign proof of concept
- CVSS vector + score
- Feed the result back into Bug Hunter-native verdicting.
Outputs
When used as a companion to the main pipeline, keep outputs compatible with:
.bug-hunter/referee.json.bug-hunter/report.md
If a separate validation artifact is helpful for the run, place it under .bug-hunter/validated-findings.json.
Important constraints
- This skill validates findings; it does not replace the normal fix pipeline.
- Keep outputs portable and self-contained under
.bug-hunter/. - Prefer explicit reasoning for false positives so the user can trust dismissals.