
exploitability-analyzer

Analyze detected vulnerabilities to assess realistic exploitability by examining control flow, input sources, sanitization logic, and execution context. Use when users need to: (1) Determine if a vulnerability is actually exploitable in practice, (2) Assess severity and impact of security issues, (3) Prioritize vulnerability remediation, (4) Understand attack vectors and exploitation conditions, (5) Generate exploitability reports with proof-of-concept scenarios. Focuses on injection vulnerabilities (SQL, command, XSS, path traversal, LDAP) with detailed analysis of reachability, controllability, sanitization, and impact.

Overall score: 91 (1.32x)

Quality: 88% (does it follow best practices?)
Impact: 97% (average score across 3 eval scenarios)
Security (by Snyk): Passed, no known issues


Evaluation results

E-commerce User Lookup Security Review (scores: 100% / 38%)

SQL injection exploitability assessment with structured report

| Criteria | Without context | With context |
|---|---|---|
| Vulnerability type identified | 100% | 100% |
| Source identified | 66% | 100% |
| Transformations documented | 66% | 100% |
| Sink identified | 66% | 100% |
| Reachability rated with explanation | 33% | 100% |
| Controllability rated with explanation | 16% | 100% |
| Sanitization rated with explanation | 33% | 100% |
| Impact rated with explanation | 71% | 100% |
| Overall exploitability rating | 37% | 100% |
| Correct exploitability rating | 70% | 100% |
| Proof-of-concept included | 80% | 100% |
| Remediation includes parameterized query | 100% | 100% |
| Report structure follows format | 22% | 100% |
| Action urgency stated | 100% | 100% |

File Conversion API Security Assessment (scores: 100% / 23%)

Command injection with weak sanitization bypass analysis

| Criteria | Without context | With context |
|---|---|---|
| Vulnerability type identified | 100% | 100% |
| Source documented in data flow | 33% | 100% |
| Transformations include blacklist check | 57% | 100% |
| Sink is shell execution | 50% | 100% |
| Sanitization rated as Weak (not Strong or Partial) | 66% | 100% |
| Blacklist bypass characters identified | 100% | 100% |
| Reachability assessed | 83% | 100% |
| Controllability rated High | 57% | 100% |
| Impact considers execution context | 100% | 100% |
| Overall exploitability is HIGH or CRITICAL | 100% | 100% |
| Proof-of-concept shows bypass | 100% | 100% |
| Remediation avoids shell invocation | 100% | 100% |
| Report structure follows format | 16% | 100% |

Internal Developer Portal Security Audit (scores: 93% / 12%)

Multi-vulnerability triage and prioritization

| Criteria | Without context | With context |
|---|---|---|
| Both vulnerabilities identified | 100% | 100% |
| XSS data flow traced | 100% | 100% |
| Path traversal data flow traced | 100% | 100% |
| XSS sanitization rated correctly | 75% | 100% |
| Path traversal sanitization rated Weak | 75% | 100% |
| Authentication considered for reachability | 87% | 100% |
| Correct XSS exploitability rating | 100% | 100% |
| Correct path traversal exploitability rating | 25% | 37% |
| Prioritization by severity | 50% | 100% |
| XSS proof-of-concept included | 100% | 100% |
| Path traversal bypass shown | 100% | 100% |
| Remediation for each vulnerability | 100% | 100% |
| Action urgency per rating | 80% | 60% |
| Report format followed for each | 40% | 100% |

Repository: ArabelaTso/Skills-4-SE
Evaluated with agent: Claude Code; model: Claude Sonnet 4.6
