How does this skill reduce security noise?

It performs reachability and data flow analysis to determine if a theoretical vulnerability can actually be triggered by an external attacker, automatically filtering out findings in unreachable or dead code.

What inputs are required to run this skill?

You need a security-findings.json (typically from a security scan) and a .factory/threat-model.md file to provide necessary system context.

Does it actually exploit my production system?

No, the skill generates benign proof-of-concept payloads and documentation to demonstrate the vulnerability's existence without causing actual damage or data loss.

Can I target specific vulnerabilities for validation?

Yes, you can configure the skill to validate specific finding IDs or filter by a minimum severity level, such as only validating High and Critical findings.

How is the severity of a validated finding determined?

The skill calculates a CVSS 3.1 score based on the attack vector, complexity, required privileges, and the specific impact on confidentiality, integrity, and availability.

Security Vulnerability Validation

Name: Security Vulnerability Validation
Author: Factory-AI

byFactory-AI

보안 및 테스팅

Validates security scan results by performing reachability analysis and generating proof-of-concept exploits to confirm real-world exploitability.

소개

The Security Vulnerability Validation skill automates the critical process of triaging security findings by determining if a vulnerability is truly reachable and exploitable within the specific context of your codebase. By analyzing data flow, control chains, and existing mitigations, it effectively filters out false positives and provides actionable proof-of-concept (PoC) payloads. This allows developers and security teams to prioritize high-impact issues and move directly to remediation with confidence, significantly reducing the time spent investigating non-exploitable security noise.

주요 기능

False positive filtering to ensure only legitimate security risks are reported
Detailed CVSS 3.1 scoring to provide standardized severity assessments for all findings
0 GitHub stars
Control flow analysis to detect existing sanitization, encoding, or framework-level protections
Automated proof-of-concept (PoC) exploit generation for confirmed vulnerabilities
Reachability analysis to trace entry points and call chains from external input to vulnerable sinks

사용 사례

Triage automated security scan results before creating tickets or blocking pull requests
Perform deep-dive security reviews on high-severity findings to assess actual business risk
Generate reproducible exploit payloads to verify security patches during the remediation phase

소개

주요 기능

False positive filtering to ensure only legitimate security risks are reported
Detailed CVSS 3.1 scoring to provide standardized severity assessments for all findings
0 GitHub stars
Control flow analysis to detect existing sanitization, encoding, or framework-level protections
Automated proof-of-concept (PoC) exploit generation for confirmed vulnerabilities
Reachability analysis to trace entry points and call chains from external input to vulnerable sinks

사용 사례

Triage automated security scan results before creating tickets or blocking pull requests
Perform deep-dive security reviews on high-severity findings to assess actual business risk
Generate reproducible exploit payloads to verify security patches during the remediation phase