performing-penetration-testing

This skill enables automated penetration testing of web applications. It uses the penetration-tester plugin to identify vulnerabilities, including OWASP Top 10 threats, and suggests exploitation techniques. Use this skill when the user requests a "penetration test", "pentest", "vulnerability assessment", or asks to "exploit" a web application. It provides comprehensive reporting on identified security flaws.

1.00x

Quality

44%

Does it follow best practices?

Impact

90%

1.00x

Average score across 12 eval scenarios

Securityby

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/penetration-tester/skills/penetration-tester/SKILL.md

Evaluation results

100%

Penetration Test Report: RetailFlow E-Commerce Platform

Pentest report structure and content

Criteria

Without context

With context

Risk ratings present

100%

Remediation recommendations

100%

SQL injection coverage

100%

XSS coverage

100%

CSRF coverage

100%

OWASP framework reference

100%

Scope documentation

100%

Authorization statement

100%

Executive summary

100%

Structured sections

100%

91%

-2%

Security Assessment Planning: MediTrack Patient Portal

Engagement planning and authorization

Criteria

Without context

With context

Authorization requirement

100%

Scope boundaries defined

100%

Safe exploitation approach

100%

Target identification step

100%

OWASP Top 10 methodology

100%

Vulnerability tracking integration

30%

10%

Authentication and authorization testing

100%

Reporting deliverable

100%

88%

API Security Assessment: LogiTrack Shipment Management API

API security assessment reporting

Criteria

Without context

With context

Authentication bypass coverage

58%

100%

Authorization issues coverage

100%

Remediation per finding

100%

OWASP framework used

100%

Risk ratings assigned

100%

Injection attack coverage

100%

Authorization confirmation

100%

Vulnerability tracking mention

Scope definition

100%

23%

Vulnerability Findings Export for Engineering Backlog

Vulnerability tracking integration

Criteria

Without context

With context

Machine-readable export

100%

Risk rating per finding

100%

OWASP category per finding

100%

Remediation per finding

25%

100%

All input findings included

100%

Scope field present

100%

Authorization statement

100%

Tracking-system fields

80%

100%

Summary document

100%

No single-paragraph blob

100%

18%

Security Compliance Assessment for FinTech Web Portal

Comprehensive OWASP Top 10 assessment

Criteria

Without context

With context

OWASP Top 10 organizing structure

40%

100%

Minimum 8 OWASP categories covered

41%

100%

Injection addressed

100%

Broken access control addressed

100%

Risk rating per finding

80%

100%

Remediation per finding

100%

Target identification

100%

Scope definition

100%

Authorization confirmation

100%

Executive summary

100%

Negative findings included

100%

70%

-3%

Developer Vulnerability Education Document

Safe exploitation demonstration documentation

Criteria

Without context

With context

No working exploit code

80%

60%

Conceptual PoC included

100%

SQL injection demonstrated safely

80%

70%

XSS demonstrated safely

70%

80%

Risk rating per vulnerability

Remediation per vulnerability

100%

Developer-oriented framing

100%

Authorization statement

100%

OWASP category mapping

Impact description

100%

88%

-6%

Targeted Web Banking Security Assessment

CSRF and session security assessment

Criteria

Without context

With context

CSRF addressed

100%

Session/cookie security addressed

100%

Risk rating per finding

100%

Remediation per finding

100%

OWASP category mapping

90%

80%

Authorization statement

50%

20%

Scope defined

100%

No live attack payloads

100%

Conceptual PoC present

100%

75%

Executive summary

100%

Penetration Testing Engagement Template

Penetration testing methodology workflow

Criteria

Without context

With context

Target identification phase

100%

Vulnerability scanning phase

100%

Reporting phase

100%

Authorization requirement

100%

Scope definition requirement

100%

OWASP Top 10 in scanning

83%

100%

Safe exploitation guidance

100%

Report contents specified

100%

Sequential phase ordering

100%

79%

-4%

Series A Due Diligence Security Review

Full-stack web app security review report

Criteria

Without context

With context

SQL injection addressed

100%

XSS addressed

100%

CSRF addressed

25%

Authentication/authorization addressed

100%

OWASP used as framework

100%

Risk rating per category

100%

Remediation per finding

100%

Authorization confirmed

12%

Scope documented

100%

Executive summary present

100%

Negative findings documented

50%

25%

Target identified

100%

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 13d35b8

Evaluated: 2 months ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Penetration Test Report: RetailFlow E-Commerce Platform Security Assessment Planning: MediTrack Patient Portal API Security Assessment: LogiTrack Shipment Management API Vulnerability Findings Export for Engineering Backlog Security Compliance Assessment for FinTech Web Portal Developer Vulnerability Education Document Targeted Web Banking Security Assessment Penetration Testing Engagement Template Series A Due Diligence Security Review

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.