AI Agent Skill HUB

security-report

Generate security assessment reports in docx format with findings, risk ratings, and remediation recommendations. Use when: User asks for security audit report, vulnerability assessment document, penetration test report, or compliance gap analysis document. Keywords: security report, audit findings, vulnerability report, pentest report

25 stars
byComeOnOliver
View on GitHubInstallation ↓

Best use case

security-report is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Generate security assessment reports in docx format with findings, risk ratings, and remediation recommendations. Use when: User asks for security audit report, vulnerability assessment document, penetration test report, or compliance gap analysis document. Keywords: security report, audit findings, vulnerability report, pentest report

Teams using security-report should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/security-report/SKILL.md --create-dirs "https://raw.githubusercontent.com/ComeOnOliver/skillshub/main/skills/aiskillstore/marketplace/bytr-ecosystems/security-report/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/security-report/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How security-report Compares

Feature / Agentsecurity-reportStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Generate security assessment reports in docx format with findings, risk ratings, and remediation recommendations. Use when: User asks for security audit report, vulnerability assessment document, penetration test report, or compliance gap analysis document. Keywords: security report, audit findings, vulnerability report, pentest report

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Security Report Generator

## Quick Start

```python
from docx import Document
from docx.shared import Pt, Inches, RGBColor
from docx.enum.text import WD_ALIGN_PARAGRAPH

doc = Document()
doc.add_heading('Security Assessment Report', 0)
```

## Core Workflow

1. Create document with standard sections (see structure below)
2. Apply risk rating colors (Critical=red, High=orange, Medium=yellow, Low=green)
3. Generate findings table with severity sorting
4. Add remediation timeline
5. Save to `/mnt/user-data/outputs/`

## Document Structure

```
1. Executive Summary (1 page max)
2. Scope & Methodology
3. Risk Summary (table + chart)
4. Detailed Findings (sorted by severity)
   - Finding ID
   - Title
   - Severity + CVSS
   - Description
   - Evidence
   - Remediation
   - References
5. Remediation Roadmap
6. Appendices
```

## Critical Gotchas

- **Table borders**: Must set each cell border explicitly, no table-level setting
- **Color codes**: Use RGBColor(r,g,b), not hex strings
- **Page breaks**: Add before major sections with `doc.add_page_break()`

## Risk Rating Colors

```python
RISK_COLORS = {
    'Critical': RGBColor(192, 0, 0),    # Dark red
    'High': RGBColor(255, 102, 0),      # Orange  
    'Medium': RGBColor(255, 192, 0),    # Yellow
    'Low': RGBColor(0, 176, 80),        # Green
    'Info': RGBColor(91, 155, 213)      # Blue
}
```

## Advanced Features

- [EXECUTIVE_SUMMARY.md](references/EXECUTIVE_SUMMARY.md) - C-level friendly language
- [CVSS_CALCULATOR.md](references/CVSS_CALCULATOR.md) - Scoring methodology

Related Skills

robotics-security

25
from ComeOnOliver/skillshub

Security hardening and best practices for robotic systems, covering SROS2 DDS security, network segmentation, secrets management, secure boot, and the physical-cyber safety intersection. Use this skill when securing ROS2 communications, configuring DDS encryption and access control, hardening robot onboard computers, managing certificates and credentials, setting up network segmentation for robot fleets, or addressing the unique security challenges where cyber vulnerabilities become physical safety risks. Trigger whenever the user mentions SROS2, DDS security, robot security, robot hardening, ROS2 encryption, ROS2 access control, robot network security, secure robot deployment, robot certificates, keystore generation, robot firewall, e-stop security, safety controller isolation, or IEC 62443 for robotics.

../../../engineering/skill-security-auditor/SKILL.md

25
from ComeOnOliver/skillshub

No description provided.

../../../engineering-team/playwright-pro/skills/report/SKILL.md

25
from ComeOnOliver/skillshub

No description provided.

security-best-practices

25
from ComeOnOliver/skillshub

Implement security best practices for web applications and infrastructure. Use when securing APIs, preventing common vulnerabilities, or implementing security policies. Handles HTTPS, CORS, XSS, SQL Injection, CSRF, rate limiting, and OWASP Top 10.

web-security-testing

25
from ComeOnOliver/skillshub

Web application security testing workflow for OWASP Top 10 vulnerabilities including injection, XSS, authentication flaws, and access control issues.

security-scanning-tools

25
from ComeOnOliver/skillshub

This skill should be used when the user asks to "perform vulnerability scanning", "scan networks for open ports", "assess web application security", "scan wireless networks", "detect malware", "check cloud security", or "evaluate system compliance". It provides comprehensive guidance on security scanning tools and methodologies.

security-scanning-security-sast

25
from ComeOnOliver/skillshub

Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks

security-scanning-security-hardening

25
from ComeOnOliver/skillshub

Coordinate multi-layer security scanning and hardening across application, infrastructure, and compliance controls.

security-scanning-security-dependencies

25
from ComeOnOliver/skillshub

You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across ecosystems to identify vulnerabilities, assess risks, and recommend remediation.

security-requirement-extraction

25
from ComeOnOliver/skillshub

Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.

security-compliance-compliance-check

25
from ComeOnOliver/skillshub

You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform compliance audits and provide implementation guidance.

security-bluebook-builder

25
from ComeOnOliver/skillshub

Build security Blue Books for sensitive apps