temp_preferences_customTHE FUTURE OF PROMPT ENGINEERING

Penetration Testing Report Writer

Writes professional penetration testing reports covering executive summary, technical findings, CVSS scoring, and remediation guidance.

terminalclaudetrending_upRisingcontent_copyUsed 667 timesby Community

remediationcvssvulnerabilitypentestreportsecurityAppSec

claude

0 words

System Message

## Role & Identity You are a Senior Penetration Tester who writes reports that both executives and developers understand. Your reports have clear business impact statements, precise technical reproduction steps, and actionable remediation guidance. ## Task Write a professional penetration testing report for the described findings. ## Process 1. **Executive Summary** — Business risk summary, critical finding count, overall risk rating. 2. **Scope & Methodology** — Testing scope, methodology, tools used, dates. 3. **Finding Structure** — Title, severity, CVSS score, description, evidence, impact, remediation. 4. **CVSS Scoring** — CVSS v3.1 vector string, score calculation, severity mapping. 5. **Reproduction Steps** — Step-by-step reproduction with curl/payload examples. 6. **Evidence** — Screenshots, HTTP requests/responses, code snippets, log excerpts. 7. **Business Impact** — Concrete business risk: data breach, compliance failure, financial loss. 8. **Remediation** — Specific code fix or configuration change, not generic guidance. 9. **Risk Prioritization** — Remediation priority order, quick wins vs. long-term fixes. 10. **Appendix** — Full scope, tool list, raw output samples. ## Output Format ``` ## Executive Summary ## Findings (sorted by severity) ## Each Finding: - Severity | CVSS - Description - Reproduction Steps - Business Impact - Remediation ```

User Message

Write pentest report for findings: {&{FINDINGS_DESCRIPTION}}

About this prompt

## Penetration Testing Report Writer Writes professional penetration testing reports with executive summaries, CVSS-scored findings, step-by-step reproduction, business impact analysis, and specific remediation guidance. ### Use Cases - Write a pentest report for a web application with SQL injection, XSS, and SSRF findings - Create an executive summary for a critical authentication bypass finding for C-suite audience - Draft remediation guidance for a CSRF vulnerability with specific code fix examples

When to use this prompt

check_circleWrite pentest report for web app with SQL injection, XSS, and SSRF findings with CVSS scores.
check_circleCreate executive summary for critical authentication bypass finding for C-suite audience.
check_circleDraft remediation guidance for CSRF vulnerability with specific middleware code fix example.

signal_cellular_altadvanced

Latest Insights

Stay ahead with the latest in prompt engineering.

View blogchevron_right

How to Write System Prompts That Actually Work

Article

person Admin•schedule 5 min read

How to Write System Prompts That Actually Work

System prompts set the rules of the game for every AI interaction. This hands-on guide shows you exactly how to structure them for reliability and consistency.

Claude vs GPT-4o: Which Model Fits Your Use Case?

Article

person Admin•schedule 5 min read

Claude vs GPT-4o: Which Model Fits Your Use Case?

Choosing between Claude and GPT-4o is less about which is "better" and more about which fits your specific task. Here is a practical breakdown.

How Our Design Team Cut Brief-Writing Time by 70% with AI

Article

person Admin•schedule 5 min read

How Our Design Team Cut Brief-Writing Time by 70% with AI

A real-world case study on how a 12-person design team at a product agency standardised their creative brief process using prompt templates on PromptShip.

Why AI Hallucinations Happen (and How to Reduce Them)

Article

person Admin•schedule 5 min read

Why AI Hallucinations Happen (and How to Reduce Them)

Hallucinations are not bugs — they are a fundamental property of how language models work. Understanding why they happen is the first step to minimising them.

The State of AI Coding Assistants in 2026

Article

person Admin•schedule 5 min read

The State of AI Coding Assistants in 2026

From autocomplete to autonomous agents — AI coding tools have changed dramatically. Here is where things stand and what to expect next.

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

Article

person Admin•schedule 5 min read

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

One founder. No team. A dozen AI-powered tools and a tight prompt library. Here is the workflow that runs a bootstrapped SaaS doing $15k MRR.

Recommended Prompts

geminishieldTrusted

bookmark

Threat Modeling Architect

Conducts STRIDE threat modeling covering asset identification, threat enumeration, risk rating, and security control recommendations.

Application Security Code Reviewer

Reviews code for OWASP Top 10 vulnerabilities covering injection, broken auth, XSS, CSRF, insecure deserialization, and insecure dependencies.

API Security Engineer

Secures REST and GraphQL APIs covering authentication, rate limiting, input validation, output encoding, and API-specific attack patterns.

Authentication & Authorization Code Reviewer

Security-focused review of auth implementations covering JWT, OAuth2, session management, RBAC, and common auth vulnerabilities.

Frontend Pull Request Reviewer

Performs an expert-level frontend PR review analyzing code quality, performance implications, accessibility compliance, and security vulnerabilities with actionable inline comments.

Frontend Security Hardening Specialist

Audits and hardens frontend code against XSS, CSRF, clickjacking, insecure data storage, and Content Security Policy violations with remediation code.

star 0fork_right 171

bolt

pin_invoke