What is the main benefit of using this skill?

It reduces security alert fatigue by filtering out false positives and providing clear evidence of exploitability for real vulnerabilities through code-path analysis.

Can it generate exploits for any programming language?

It performs logic-based analysis using Claude's understanding of the codebase context, supporting most major languages including JavaScript, Python, Java, and Go.

Is the PoC generation safe to run?

The skill is instructed to create benign payloads that demonstrate the vulnerability (like triggering a harmless alert or bypass) without causing actual system damage.

How does it calculate the severity of a finding?

The skill uses the industry-standard CVSS 3.1 framework, evaluating metrics like Attack Vector, Complexity, and Privileges Required to assign a precise score.

Does this skill require prior scan results?

Yes, it requires a security-findings.json file, typically generated by a static analysis tool or the commit-security-scan skill, and a threat model.

Vulnerability Validation Security Engineer

Name: Vulnerability Validation Security Engineer
Author: Factory-AI

byFactory-AI

•

Seguridad y Pruebas

Validates security scan findings by analyzing reachability, exploitability, and generating proof-of-concept exploits to eliminate false positives.

The Vulnerability Validation skill transforms raw security scan data into actionable intelligence by performing deep-dive analysis on potential threats. It traces data flow from external entry points to vulnerable sinks, assesses the effectiveness of existing mitigations, and determines the true exploitability of each finding. By generating concrete proof-of-concept payloads and calculating accurate CVSS 3.1 scores, it helps security teams prioritize critical fixes while filtering out noisy false positives that would otherwise stall development workflows.

Características Principales

01Standardized CVSS 3.1 severity scoring

02Automated reachability and control flow analysis

033 GitHub stars

04Detailed exploitation path documentation

05Benign proof-of-concept (PoC) exploit generation

06False positive filtering with documented evidence

Casos de Uso

01Prioritizing high-severity vulnerabilities for patching based on actual exploitability

02Validating findings from automated security scans before blocking a Pull Request

03Generating documentation and PoCs for security audits and compliance reviews

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add factory-ai/factory-plugins vulnerability-validation

For use in Claude.ai and ChatGPT

Características Principales

01Standardized CVSS 3.1 severity scoring

02Automated reachability and control flow analysis

033 GitHub stars

04Detailed exploitation path documentation

05Benign proof-of-concept (PoC) exploit generation

06False positive filtering with documented evidence

Casos de Uso

01Prioritizing high-severity vulnerabilities for patching based on actual exploitability

02Validating findings from automated security scans before blocking a Pull Request

03Generating documentation and PoCs for security audits and compliance reviews

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add factory-ai/factory-plugins vulnerability-validation

For use in Claude.ai and ChatGPT