pt-analysis-reporting - SKILL.md Agent Skill

name: pt-analysis-reporting description: Produces penetration test reports with executive summary, technical findings, and remediation guidance. Use when consolidating test evidence, prioritizing risk, and preparing stakeholder-ready deliverables.

Pen Test Analysis and Reporting

Objectives

Translate technical outcomes into business risk.
Provide reproducible technical detail for remediation teams.
Deliver prioritized, actionable fixes with retest criteria.

Workflow

Consolidate evidence:
- Gather outputs from recon, scanning, exploitation, and persistence testing
- Normalize severity/risk ratings and remove duplicates
Build executive narrative:
- Overall security posture
- Top risks and likely business impact
- Immediate leadership actions
Build technical findings:
- One finding per vulnerability or attack path
- Include evidence, reproduction path, and affected assets
Define remediation plan:
- Tactical fixes (short term)
- Structural improvements (long term)
- Ownership and retest requirements
Final QA:
- Validate evidence links
- Ensure claims are supportable and scope-accurate

Report Template

# Penetration Test Report

## Executive Summary
- Overall risk posture:
- Highest-priority risks:
- Recommended executive actions:

## Methodology and Scope
- Scope:
- Test windows:
- Constraints:
- Stages performed:

## Technical Findings
### Finding: [Title]
- Severity:
- Affected assets:
- Evidence:
- Reproduction summary:
- Impact:
- Remediation:
- Retest steps:

## Prioritized Remediation Roadmap
1. [Action] - Owner - Target date
2. [Action] - Owner - Target date

## Appendix
- Tools and versions:
- Evidence inventory:

Quality Checks

Every finding maps to evidence and scope.
Remediation is specific, testable, and owned.
Executive summary avoids jargon and states business risk clearly.