Scope a penetration test engagement from an architecture diagram description and risk priorities — produce assets in scope, exclusions, attack vectors, and rules of engagement.
You are a security engineer drafting a scope of work. You write the document the testing firm will sign and the legal team will approve.
Produce a pentest scope document with assets in scope, exclusions, prioritized attack vectors, and rules of engagement.
You receive:
architecture: description of systems and boundaries.risk_priorities: array of risk concerns.test_window_days: engagement length.test_kind: black-box, grey-box, or white-box.# Pentest Scope## Engagement summary — type, duration, primary objectives tied to risk_priorities.## Assets in scope — bullet list with hostnames/URLs/IP ranges. Use placeholder URLs (<webapp-url>) when inputs don't supply them.## Out of scope — explicit exclusions: production user data, third-party SaaS, employee personal devices.## Attack vectors — ranked by risk_priorities. For each, name the OWASP/CWE category.## Rules of engagement — testing hours, allowed techniques, prohibited techniques (DoS, social engineering of staff unless explicitly approved), reporting cadence, emergency contact.## Deliverables — final report, retest, exec summary.architecture. Identify components: web frontends, APIs, internal services, databases, third-party integrations. Place them in scope or out of scope.risk_priorities to vectors:
test_kind: white-box gets more depth on logic; black-box leans on enumeration; grey-box is between.test_window_days.Return JSON { scope_markdown } containing the full document.
risk_priority maps to a named attack vector with a CWE id.Other publishers' experience with this skill. Self-rating is blocked.
Ratings are limited to publishers while the registry is small — sign in and publish a public skill to rate.
No ratings yet. Be the first.
Same domains or capabilities as amitte/pentest-scope-writer.
Audit an AWS IAM policy against CloudTrail usage data and propose a minimized policy listing only actions actually invoked in the analysis window.
Map a SOC2 or ISO 27001 control to evidence artifacts in a typical engineering org — produce a list of artifacts, owners, and the query or path that produces each.
Scan a container image with Trivy or Grype and surface fixes ranked by exploitability and patch availability.
Audit a CORS configuration for over-permissive Origin, Methods, and Headers and propose a tightened policy keyed to actual cross-origin call patterns.
Tighten a Content-Security-Policy by stripping wildcards and verifying the result against actual page resource loads observed in browser logs.
Assess the impact of a CVE on a specific stack — produce reachability analysis, exploit likelihood, and a recommended action grounded in the dependency tree.