Teknium 263e008d6b feat(skills): add web-pentest optional skill (#32265) ... Adds optional-skills/security/web-pentest/ — an authorized web app penetration testing skill adapted from Shannon's methodology (concepts only; AGPL-clean fresh implementation). Phased: recon (read-only) → vuln analysis (delegate_task per OWASP class) → proof-based exploitation → report. Guardrails baked in: - Authorization gate before first active scan (templates/authorization.md) - Scope allowlist (scope.txt) consulted by recon-scan.sh and documented as the rule for every active request - Aux-client leakage warning (compression + title gen replay history; payloads/creds must not enter chat verbatim) - Bypass-exhaustion discipline before false-positive classification - L3/L4 (proof-required) for reportable findings; L1/L2 listed as candidates only Closes #400. Supersedes #21845 (plugin-shaped proposal; skill-shaped is cheaper and matches the existing optional-skills/security/ pattern).		2026-05-25 14:51:41 -07:00
..
1password	feat(optional-skills): declare platforms frontmatter for all 63 undeclared skills	2026-05-08 14:27:40 -07:00
oss-forensics	fix(skills): move platforms key out of folded description: > scalars	2026-05-08 14:27:40 -07:00
sherlock	feat(optional-skills): declare platforms frontmatter for all 63 undeclared skills	2026-05-08 14:27:40 -07:00
web-pentest	feat(skills): add web-pentest optional skill (#32265)	2026-05-25 14:51:41 -07:00
DESCRIPTION.md	fix(skills): improve 1password skill — env var prompting, auth docs, broken examples	2026-03-13 08:46:49 -07:00