Status: Stable Version: 1.0.0 Author: Rifteo Tags: pentest, reporting, security
Installation
rifteo-skills add pentest-report

Summary

Turn all confirmed findings from a testing engagement into a single, client-ready penetration test report covering executive summary through technical appendices.
  • Generates a cover page, executive summary (written for C-suite, no jargon), scope and methodology section, risk summary table ordered by severity, and full technical findings in finding-writer format
  • Pulls from confirmed findings, ENGAGEMENT.md, and scope details; asks for missing information (test dates, tester name) rather than inventing it
  • Executive summary is written for a non-technical audience: what was tested, overall risk posture in plain language, the single most critical finding in business terms, and top 3 recommended actions
  • Recommendations summary cross-references finding IDs (F-01, F-02…) with immediate, medium, and hardening actions ordered by severity

SKILL.md file

Pentest Report Generator

Turn all findings from a testing engagement into a single, client-ready penetration test report. Auditors spend 30–40% of engagement time on reporting. This skill handles the structure, ordering, and framing; you provide the findings.

When to Use This Skill

Use this skill when the user:
  • Says “generate the report”, “write the report”, “produce the deliverable”
  • Is at the end of an engagement and all findings are confirmed and written up
  • Wants a draft report to review before sending to the client

What You Need Before Starting

  • Confirmed findings (from finding-writer)
  • Engagement scope and target (from ENGAGEMENT.md or scope-grill output)
  • Test dates and tester names (asked for if not available)

How It Works

Section 1: Cover Page

Client name, engagement title, date range, classification (Confidential), prepared by.

Section 2: Executive Summary

3–5 paragraphs written for a non-technical audience (C-suite, board):
  • What was tested and why
  • Overall risk posture in plain language
  • The single most critical finding, in business terms
  • Top 3 recommended actions
No technical jargon. No listing every finding.

Section 3: Scope and Methodology

In-scope targets, out-of-scope items, test type (black/grey/white box), test dates, tools and techniques (high level), and limitations.

Section 4: Risk Summary Table

| #    | Title                        | Severity | Component | Status    |
| F-01 | SQL Injection in /api/search | Critical | API       | Confirmed |

Ordered by severity: Critical → High → Medium → Low → Info.

Section 5: Technical Findings

One section per finding, in risk table order. Each finding uses the full finding-writer format: Title, Severity, CVSS, Description, Evidence, Impact, Recommendation, References.

Section 6: Recommendations Summary

Ordered action list: immediate (Critical/High) first, then Medium, then hardening. Cross-references finding IDs.

Section 7: Appendices (if applicable)

Full tool output, scope confirmation letter reference, methodology references.
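The ordering and cross-referencing rules of Sections 4 and 6 (severity order, F-NN IDs assigned in table order, unconfirmed findings kept out of the table, recommendations bucketed immediate/Medium/hardening) as an added example in Python; this is not the skill's own code, and the Finding fields and the sample findings other than the SQL injection row are constructed for illustration.

```python
from dataclasses import dataclass

# Severity order used for the risk summary table (Section 4).
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Info"]
# Recommendation buckets for Section 6: immediate (Critical/High), then Medium, then hardening.
BUCKET = {"Critical": "Immediate", "High": "Immediate", "Medium": "Medium",
          "Low": "Hardening", "Info": "Hardening"}

@dataclass
class Finding:  # hypothetical shape of a finding-writer record
    title: str
    severity: str
    component: str
    confirmed: bool
    recommendation: str

def assign_ids(findings):
    """Keep only confirmed findings, order by severity, assign F-01, F-02... in table order."""
    for f in findings:
        if f.severity not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity {f.severity!r} in {f.title!r}")
    ordered = sorted((f for f in findings if f.confirmed),
                     key=lambda f: SEVERITY_ORDER.index(f.severity))
    return [(f"F-{i:02d}", f) for i, f in enumerate(ordered, start=1)]

def risk_table(ids):
    """Markdown risk summary table in the column layout the skill describes."""
    rows = ["| # | Title | Severity | Component | Status |", "|---|---|---|---|---|"]
    rows += [f"| {fid} | {f.title} | {f.severity} | {f.component} | Confirmed |" for fid, f in ids]
    return "\n".join(rows)

def recommendations(ids):
    """Ordered action list grouped by bucket, each item cross-referencing its finding ID."""
    groups = {"Immediate": [], "Medium": [], "Hardening": []}
    for fid, f in ids:  # ids are already in severity order, so order inside a bucket is kept
        groups[BUCKET[f.severity]].append(f"- [{fid}] {f.recommendation}")
    return "\n".join(f"### {name}\n" + "\n".join(items) for name, items in groups.items() if items)

def requires_further_testing(findings):
    """Unconfirmed findings never enter the risk table; they are listed with the required label."""
    return [f"- {f.title}: Requires Further Testing" for f in findings if not f.confirmed]

# Constructed sample input (the SQL injection row is the one the skill's own table shows).
SAMPLE = [
    Finding("Verbose stack traces on error", "Low", "Web", True, "Disable debug error pages"),
    Finding("SQL Injection in /api/search", "Critical", "API", True, "Use parameterised queries"),
    Finding("Possible IDOR on /api/orders", "High", "API", False, "Pending retest"),
    Finding("No rate limiting on /login", "Medium", "Auth", True, "Add per-account lockout"),
]

if __name__ == "__main__":
    ids = assign_ids(SAMPLE)
    print(risk_table(ids), recommendations(ids), *requires_further_testing(SAMPLE), sep="\n\n")
```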

Output

A complete, client-ready penetration test report in markdown format, ready for conversion to PDF or Word.

Known Limitations

  • The executive summary must be understandable by someone with no security background
  • Never includes unconfirmed findings; suspected issues are marked “Requires Further Testing”
  • Every finding in the report must have a corresponding ID in the risk table
  • No generic security advice unrelated to the engagement

Benchmark Results

Tested on claude-sonnet-4-6 via Claude Code CLI. Same prompt, same model, same target. The only variable is whether the skill is loaded.
| Metric            | Without Skill | With Skill |
| Turns to complete | 1             | 1          |
| Response tokens   | ~7,144        | ~5,444     |
| Total time        | 128s          | 100s       |

finding-writer

Convert raw pentest notes into structured audit findings ready for reporting

scope-grill

Interviews the user about a pentest engagement before any testing begins

engagement-handoff

Documents the current engagement state so the next session can continue without losing context