@laitszkin/apollo-toolkit 3.11.8 → 3.12.1

package/archive-specs/references/templates/docs-index.md

@@ -1,39 +0,0 @@
-# [Project Name] Documentation Index
-
-## Features (`docs/features/`)
-
-User-facing capabilities described with BDD scenarios (Given/When/Then). Each file covers one functional category.
-
-| File | Category | Description |
-| --- | --- | --- |
-| `docs/features/[category].md` | [category name] | [One-line description] |
-
-## Architecture (`docs/architecture/`)
-
-Macro-level design principles organized by module or layer. Each principle is abstract enough to survive minor code changes.
-
-| File | Module | Description |
-| --- | --- | --- |
-| `docs/architecture/[module].md` | [module name] | [One-line description] |
-
-## Principles (`docs/principles/`)
-
-Code style, naming conventions, and development constraints extracted from the codebase.
-
-| File | Topic | Description |
-| --- | --- | --- |
-| `docs/principles/[topic].md` | [topic name] | [One-line description] |
-
-## Root Documents
-
-- `README.md` — project overview and quick start
-- `CONTRIBUTING.md` — contribution workflow (if applicable)
-- `SECURITY.md` — vulnerability reporting (if applicable)
-- `CHANGELOG.md` — release history (if applicable)
-
-## Reference List
-
-- Source specs reviewed: [list of spec directories/files]
-- Existing docs updated: [paths]
-- Important code/config references: [paths]
-- Remaining unknowns: [list or `None`]

package/archive-specs/references/templates/features.md

@@ -1,25 +0,0 @@
-# <功能類別名稱>
-
-[One-sentence summary of this functional category from a user perspective.]
-
-## <功能名稱>
-
-- **Given** <前置條件>
-- **When** <使用者操作>
-- **Then** <預期結果>
-
-## <功能名稱>
-
-- **Given** <前置條件>
-- **When** <使用者操作>
-- **Then** <預期結果>
-
----
-
-## Writing Rules
-
-- Describe behavior from a user's perspective; never mention file paths, function names, or database tables.
-- Use BDD phrasing: **Given** (precondition) → **When** (action) → **Then** (outcome).
-- Each file covers exactly one functional category (e.g., authentication, data export, notifications).
-- Group related features under descriptive subheadings.
-- Title the file with a term users would recognize, not a module name.

package/archive-specs/references/templates/principles.md

@@ -1,28 +0,0 @@
-# <慣例類別>
-
-[One-sentence summary of what this convention area covers.]
-
-## <慣例名稱>
-
-<慣例描述>
-
-**理由**: <為什麼採用此慣例>
-
-**範例**: <從代碼庫提取的具體範例>
-
-## <慣例名稱>
-
-<慣例描述>
-
-**理由**: <為什麼採用此慣例>
-
-**範例**: <從代碼庫提取的具體範例>
-
----
-
-## Writing Rules
-
-- Each file covers one convention area (e.g., naming, coding style, dependency management, error handling, testing).
-- State the convention clearly.
-- Provide rationale traceable to the codebase.
-- Include a brief example from the codebase, not an invented one.

package/discover-edge-cases/CHANGELOG.md

@@ -1,19 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-## [v0.2.1] - 2026-02-17
-
-### Changed
-- Remove `submit-changes` skill dependency from no-diff release flow while keeping the PR workflow.
-- Update skill and README guidance to use direct git commit/push before opening a PR.
-
-## [v0.2.0] - 2026-02-17
-
-### Added
-- Add no-diff workflow guidance to scan the whole codebase for actionable edge cases.
-- Add release-flow guidance for no-diff fixes: create worktree, use `submit-changes`, and open a PR.
-
-### Changed
-- Clarify scope selection logic: `git diff` path uses changed files only; no-diff path uses full-codebase scan.
-- Expand README examples to include a no-diff prompt and expected execution path.

package/discover-edge-cases/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2026 LaiTszKin
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

package/discover-edge-cases/README.md

@@ -1,87 +0,0 @@
-# discover-edge-cases
-
-`discover-edge-cases` is a Codex skill for discovering reproducible edge-case risks and coverage gaps.
-
-## Brief introduction
-
-This skill is discovery-oriented. It scans the current diff by default, or the full codebase
-when there is no diff, then validates the highest-risk edge cases with concrete evidence.
-It does not write tests, patch code, or open PRs.
-
-It follows a strict workflow:
-1. Detect whether `git diff` exists.
-2. Inspect only changed files plus minimal dependencies, or perform a full-project scan when no diff exists.
-3. Run `discover-security-issues` as an adversarial dependency for code-affecting scope.
-4. Probe the highest-risk edge cases and gather concrete evidence.
-5. Reproduce confirmed issues at least twice and check nearby variants.
-6. Prioritize confirmed findings and report hardening guidance only.
-
-## When to use
-
-Use this skill when a task asks you to:
-- find edge-case risks in a diff or codebase,
-- validate unusual inputs and error paths,
-- assess hardening gaps around null/empty/boundary handling,
-- review retries, timeouts, degradation paths, or stateful failure modes.
-
-## Core principles
-
-- Scope is `git diff` plus the minimal dependency chain by default.
-- If `git diff` is empty, run a full-codebase scan focused on high-risk modules.
-- Treat prior authorship as irrelevant; even code written earlier in the same conversation must be challenged like third-party code.
-- Decisions must be evidence-based; speculative ideas stay marked as hypotheses.
-- Keep only reproducible findings with exact evidence.
-- Run `discover-security-issues` as a required adversarial cross-check for code-affecting scope.
-- Report recommended fixes and test ideas, but do not implement them in this skill.
-
-## External API requirements
-
-When the selected scope involves external API calls, this skill requires checks for:
-- health/availability handling,
-- graceful handling of `429` and `500` responses,
-- actionable error logging (status code, request id, retry count, latency).
-
-## Example
-
-Prompt example:
-
-```text
-Please review this PR diff and find the 3 highest-risk edge cases.
-Validate null input, boundary timestamp, and API 429 retry behavior.
-Only report confirmed findings with reproduction evidence and suggested test coverage.
-```
-
-Expected behavior:
-- only changed files and minimal dependency chain are investigated,
-- each finding includes reproducible evidence,
-- speculative ideas are separated from confirmed issues,
-- the output stays discovery-only with no code edits.
-
-No-diff prompt example:
-
-```text
-There is no git diff in this repo. Scan the whole codebase for high-risk edge cases.
-If you find any actionable issues, reproduce them with evidence and report the highest-priority findings only.
-```
-
-## References
-
-- [`SKILL.md`](./SKILL.md) - full workflow and execution rules.
-- [`references/architecture-edge-cases.md`](./references/architecture-edge-cases.md) - cross-module/system-level edge-case checklist.
-- [`references/code-edge-cases.md`](./references/code-edge-cases.md) - code-level input, boundary, and error-path checklist.
-
-## Repository structure
-
-```text
-.
-├── LICENSE
-├── SKILL.md
-├── README.md
-└── references
-    ├── architecture-edge-cases.md
-    └── code-edge-cases.md
-```
-
-## License
-
-MIT

package/discover-edge-cases/SKILL.md

@@ -1,91 +0,0 @@
----
-name: discover-edge-cases
-description: >-
-  Diff-first (or full-repo) discovery of **reproducible** edge-case risks: boundaries, null/empty, failure paths, concurrency, observability; evidence via code/tests/runtime—**no edits, no new tests, no PRs**. For code-affecting scope, cross-check with **`discover-security-issues`** before final report.
-  Use for edge-case review, hardening gaps, unusual inputs/error paths, pre-merge risk pass **STOP** implementation or “just fix it here”… BAD unproven alarm list… GOOD path:line + double repro…
----
-
-# Discover Edge Cases
-
-## Dependencies
-
-- Required: none.
-- Conditional: **`discover-security-issues`** on **code-affecting** scope before finalizing the report (adversarial security pass).
-- Optional: none.
-- Fallback: If that security cross-check is **required** but unavailable, **MUST** stop and report the missing dependency.
-
-## Non-negotiables
-
-- **Discovery-only**: **MUST NOT** edit code, add/modify tests, or open PRs.
-- **MUST** keep only **reproducible** findings; label guesses as **hypotheses**.
-- **MUST** reproduce each **confirmed** issue **at least twice** (same trigger); vary neighbors (empty vs null, malformed vs wrong-type).
-- **MUST** discard authorship bias—including code from earlier in the conversation.
-- If remediation is requested: finish this pass first; hand off **confirmed** items to an implementation workflow.
-
-## Standards (summary)
-
-- **Evidence**: `path:line`, commands/inputs, test output, or runtime symptoms—no intent-only claims.
-- **Execution**: Scope → baseline read → focused probes (2–5 high-impact) → validate → prioritize → report.
-- **Quality**: Prefer fewer strong findings; flag data integrity, silent failure, retry storms, cross-module propagation.
-- **Output**: Prioritized findings, reproduction, risk, hardening **advice**, residual risk/hypotheses.
-
-## Workflow
-
-**Chain-of-thought:** Answer **`Pause →`** each step; if scope is wrong, fix before probing.
-
-### 1) Determine scan scope
-
-- `git diff --name-only` first.
-- **With diff**: changed files + minimum dependency chain to validate suspected edges.
-- **No diff**: whole project, prioritizing domain logic, external boundaries, stateful/concurrent modules.
-- If nothing actionable after honest pass: report `No actionable edge-case finding identified` and stop.
-   - **Pause →** Can I name the **smallest file set** I must read—not the whole monorepo by default?
-
-### 2) Build factual baseline
-
-- Read end-to-end before judging; derive behavior from code, tests, runtime only.
-- Clarify contracts: types, ranges, null, ordering, retries, state transitions.
-   - **Pause →** What did I **execute** (test/command) vs only read?
-
-### 3) Focused probes (prioritize 2–5)
-
-Target high-risk patterns tied to scope:
-
-- Empty/null/malformed/unexpected types; boundaries (0, 1, min/max, overflow); duplicates/order.
-- Dependency failure: timeout, partial data, retry loops; invalid formats.
-- Concurrency/reentrancy; architecture edges: backpressure, exhaustion, partial commit/rollback.
-- **HTTP/API** (if in scope): 429/500 behavior; logging with status/id/retry/latency (no silent fails).
-
-Load as needed: `references/architecture-edge-cases.md`, `references/code-edge-cases.md`.
-   - **Pause →** Would **discover-security-issues** flag this sink if it is auth/input injection—did I schedule that pass for code changes?
-
-### 4) Confirm reproducibility
-
-- Two passes per confirmed issue; note variants tried; keep unconfirmed as hypotheses.
-
-### 5) Prioritize
-
-- User impact, frequency/exploitability, blast radius; call out integrity, state corruption, silent failure.
-
-### 6) Security cross-check (code-affecting)
-
-- Run **`discover-security-issues`** on the **same** scope; integrate **confirmed** security items (do not duplicate as edge trivia unless distinct).
-
-### 7) Report only
-
-Deliver: (1) Findings—title, severity, evidence, repro, broken invariant; (2) Edge evidence—preconditions, observation, variants; (3) Risk—impact/likelihood/scope; (4) Hardening guidance (advisory); (5) Residual risk—hypotheses, next checks.
-
-## Minimum coverage (apply what fits scope)
-
-- Input validation; boundary behavior; failure/degraded modes; state/idempotency/concurrency/rollback; actionable observability.
-
-## Sample hints
-
-- **Diff**: One new parser → empty string + max length + malformed delimiter **before** “maybe SQL.”
-- **No diff**: Start at payment/state machine module—highest consequence.
-- **Handoff**: Five confirmed edges → remediation skill gets **numbered list + repro**—not this skill patching.
-
-## References
-
-- `references/architecture-edge-cases.md` — system-level checklist.
-- `references/code-edge-cases.md` — code-level input/error/concurrency checklist.

package/discover-edge-cases/agents/openai.yaml

@@ -1,4 +0,0 @@
-interface:
-  display_name: "Discover Edge Cases"
-  short_description: "Find reproducible edge-case risks with evidence-only reporting"
-  default_prompt: "Use $discover-edge-cases to scan the current diff first (or the full codebase when there is no diff), discard any bias toward code written earlier in the conversation, run $discover-security-issues as an adversarial cross-check for code-affecting scope, identify the highest-risk reproducible edge-case findings, validate them with concrete evidence, prioritize the confirmed risks, and report hardening and test recommendations without modifying code."

package/discover-edge-cases/references/architecture-edge-cases.md

@@ -1,41 +0,0 @@
-# Common Architecture-level Edge Cases (Reference List)
-
-## How to use
-- Pick only 2-5 items directly related to the current change; avoid exhaustive scans.
-- If changes involve external dependencies/concurrency/scheduling/messaging, prioritize matching sections.
-
-## Concurrency and synchronization
-- Race conditions: concurrent updates to the same resource cause overwrite/lost updates
-- Deadlock/livelock: inconsistent lock ordering, reentrant lock misuse, or busy-wait loops
-- Visibility/memory consistency: cross-thread state is not synchronized
-- Async task leaks: background tasks not cancelled or cleaned up
-
-## Backpressure and resources
-- Backpressure failure: slow downstream causes upstream queue growth, OOM, or queue saturation
-- Resource starvation: high-priority tasks monopolize resources
-- Connection pool exhaustion: unreleased or delayed-release connections
-- File/socket leaks: exception paths skip close/release
-
-## Distributed systems
-- Network partition/intermittent unreachable state: requires retry/degrade/isolation strategy
-- Retry storms: retry amplification under failure
-- Consistency gaps: stale reads or partial writes
-- Duplicate messages: at-least-once delivery causes duplicate processing
-- Message ordering: reordering/out-of-order events corrupt state
-- Clock skew: time-based ordering/expiration becomes incorrect
-
-## Timeout and cancellation
-- Timeout not propagated: child tasks continue and consume resources
-- Non-reentrant cancellation: retry causes inconsistent state
-- Timeout boundary flapping: unstable behavior near timeout thresholds
-
-## Error handling and rollback
-- Partial success: multi-step writes complete only partially
-- Rollback failure: compensation action fails and leaves inconsistent data
-- Swallowed exceptions: errors are neither surfaced nor logged
-- Missing idempotency: retries create duplicate side effects
-
-## Deployment and versioning
-- Rolling upgrade mismatch: old/new versions run together with inconsistent behavior
-- Config drift: node configurations diverge
-- Hot reload instability: temporary unavailability or state loss during reload

package/discover-edge-cases/references/code-edge-cases.md

@@ -1,46 +0,0 @@
-# Common Code-level Edge Cases (Reference List)
-
-## How to use
-- Pick only 2-5 items directly related to the current change.
-- Prioritize observable failures and high-risk inputs.
-
-## Input and typing
-- Null/missing fields: None/null, empty string, empty collection
-- Unexpected types: string-number mixing, boolean-integer confusion
-- Oversized input: long strings, large arrays, deeply nested objects
-- Encoding issues: UTF-8/non-ASCII, invisible characters
-
-## Boundaries and numerics
-- Off-by-one: index 0/1 and length boundaries
-- Overflow/underflow: integer/timestamp boundaries
-- NaN/Inf: floating-point special values
-- Precision loss: money/ratio calculations
-- Negative values where invalid
-
-## Structure and ordering
-- Duplicate elements: dedup/accumulation logic
-- Ordering assumptions: sorting stability, input-order dependence
-- Empty/singleton collections: reduce/min/max/avg behavior
-- Mutable/immutable mismatch: in-place mutation of input data
-
-## Exceptions and error handling
-- Parsing failures: date/timezone, JSON, CSV
-- External dependency failures: 429/500/timeout
-- Swallowed errors: `except pass` or missing logs
-- Recovery strategy: retry count, backoff, degradation
-
-## State and side effects
-- Reentrancy: same request invoked multiple times
-- Global state contamination: cache/singleton bleed-through
-- Mutable default parameters: Python list/dict defaults
-- Resource release: file/connection not closed
-
-## Security and validation
-- Insufficient authorization behavior
-- Validation bypass via null/0/False
-- Path/injection risks from string concatenation
-
-## Performance and limits
-- N+1 query patterns inside loops
-- Large-data stress: timeout/memory pressure
-- Hotspots: lock contention under high-frequency calls

package/discover-security-issues/CHANGELOG.md

@@ -1,32 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on Keep a Changelog and this project follows Semantic Versioning.
-
-## [v0.0.3] - 2026-05-06
-
-### Changed
-- Rename skill directory and identifier from `harden-app-security` to `discover-security-issues`; refresh `SKILL.md`, `README.md`, and agent display metadata to match discovery-only semantics.
-
-## [v0.0.2] - 2026-03-11
-
-### Changed
-- Reworked the skill into a single discovery-only workflow and removed interaction/auto mode selection.
-- Removed proactive remediation behavior from the core workflow (no direct patching or PR delivery).
-- Expanded module scope from agent/finance only to include a new `software-system` domain for common software and web vulnerabilities.
-- Updated skill metadata and README to reflect adversarial finding/reporting-only behavior.
-
-### Added
-- Added `references/common-software-attack-catalog.md` covering SQL injection, XSS, CSRF, SSRF, path traversal, IDOR/BOLA, command injection, session/token risks, unsafe upload, and misconfiguration checks.
-
-## [v0.0.1] - 2026-02-17
-
-### Added
-- Documented explicit interaction and auto execution modes in the security hardening workflow.
-- Clarified handoff behavior for interaction mode and delivery expectations for auto mode.
-
-### Changed
-- Removed mandatory `$submit-changes` dependency from auto-mode PR delivery.
-- Switched auto-mode delivery guidance to standard git push plus PR creation workflow (prefer `gh pr create`).
-- Updated agent interface metadata to reflect interaction-first execution behavior.

package/discover-security-issues/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2026 LaiTszKin
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

package/discover-security-issues/README.md

@@ -1,35 +0,0 @@
-# discover-security-issues
-
-Evidence-first, **discovery-only** adversarial security workflow across agent, financial, and general software surfaces.
-
-## What this skill provides
-
-- Reproduce exploitable behavior with payloads, requests, and `path:line` proof—**no patches or PRs**.
-- Modules: `agent-system`, `financial-program`, `software-system`, and `combined` (cross-boundary chains).
-- Catalog-driven scenarios (SQLi, XSS, CSRF, SSRF, IDOR, prompt injection, money-path races, …).
-- Prioritized reporting plus advisory hardening notes and residual risk.
-
-## Layout
-
-- `SKILL.md` — workflow, modules, output shape.
-- `agents/openai.yaml` — metadata and default prompt.
-- `references/*` — attack catalogs and optional test-pattern snippets.
-
-## Typical use
-
-1. Pick module(s) and trust boundaries.
-2. Walk selected reference catalogs; record only **double-reproduced** issues.
-3. Prioritize and report; stop before implementation—hand off confirmed findings if fixes are needed.
-
-## Example
-
-```text
-Use $discover-security-issues in discovery-only mode.
-Module: combined (agent-system + software-system).
-Focus: prompt injection to privileged tools, SQL injection, IDOR.
-Deliver severity-ordered findings with exploit steps and path:line evidence.
-```
-
-## License
-
-MIT. See [LICENSE](LICENSE).

package/discover-security-issues/SKILL.md

@@ -1,88 +0,0 @@
----
-name: discover-security-issues
-description: >-
-  Discovery-only adversarial audit: map trust boundaries, run module catalogs (`agent-system`, `financial-program`, `software-system`, `combined`), reproduce exploitable behavior with payloads/commands and `path:line` evidence; prioritize impact × exploitability—**no code edits, no PRs, no auto-remediation**.
-  Use for security review, vuln hunting, SQLi/XSS/auth/IDOR checks, agent prompt-injection/tool abuse, money-path races **STOP** when user wants patches shipped—hand off findings… BAD single vague “looks fine”… GOOD two-pass repro, hypothesis vs confirmed…
----
-
-# Discover Security Issues
-
-## Dependencies
-
-- Required: none.
-- Conditional: none.
-- Optional: none.
-- Fallback: not applicable.
-
-## Non-negotiables
-
-- **Discovery-only**: **MUST NOT** edit code, apply patches, open PRs, or run “fix workflows.”
-- **MUST** keep only **reproducible** issues with exploit evidence; separate **hypotheses** from **confirmed** findings.
-- **MUST** reproduce each confirmed exploit **at least twice** on the same path; use nearby payload variants for high-risk sinks.
-- **MUST** discard authorship bias—treat all code as untrusted until evidence proves behavior.
-
-## Standards (summary)
-
-- **Evidence**: Payload/precondition, observable failure, `path:line`, commands or requests that reproduce.
-- **Execution**: Pick modules → boundaries → scenarios from references → validate → prioritize → report only.
-- **Quality**: Rank by impact, exploitability, reach; unknowns listed under residual risk.
-- **Output**: Findings (severity-ordered), attack evidence, risk notes, hardening **advice** (not patches), residual risk.
-
-## Workflow
-
-**Chain-of-thought:** After each step, satisfy **`Pause →`** before continuing; halt on missing scope or contradictory module choice.
-
-### 1) Scope and modules
-
-- Choose one or more of: `agent-system`, `financial-program`, `software-system`, `combined` (cross-boundary chains).
-- List untrusted inputs, privileged actions, and protected assets; state invariants that must hold.
-   - **Pause →** Which module catalogs did I **open** (file names)—not guessed from memory?
-
-### 2) Execute scenarios from references
-
-- **Agent**: `references/agent-attack-catalog.md`; optional `references/security-test-patterns-agent.md` (prompt injection, tool abuse, memory/exfil paths).
-- **Financial**: `references/red-team-extreme-scenarios.md`, `references/risk-checklist.md`; optional `references/security-test-patterns-finance.md` (authz, replay/race, idempotency, precision, lifecycle).
-- **Software**: `references/common-software-attack-catalog.md` (SQL/NoSQL/command injection, XSS, CSRF, SSRF, traversal, upload, session/JWT, IDOR/BOLA, deserialization, misconfig).
-- **Combined**: relevant subsets **plus** chains (e.g. injection → privileged API).
-   - **Pause →** Did I record **payload + preconditions + observed behavior** for each candidate—not just “maybe vulnerable”?
-
-### 3) Validate reproducibility
-
-- Re-run each confirmed path twice; add encoding/casing/delimiter variants on hot sinks.
-   - **Pause →** Is anything still “likely” without a second repro—downgrade to hypothesis?
-
-### 4) Prioritize
-
-- Order Critical/High → Medium → Low using impact, exploitability, blast radius (multi-tenant / cross-tenant called out).
-
-### 5) Report only
-
-Deliver (see **Output shape** below): findings, attack evidence, prioritization, hardening guidance (advisory), residual risk.
-
-## Minimum coverage (apply per selected module)
-
-- **Core**: trust boundaries, authn/authz, input → dangerous sink paths, secrets/sensitive data handling.
-- **Agent**: prompt/indirect injection, unauthorized tools/actions, exfil, memory poisoning resistance.
-- **Financial**: object-level authz, replay/race/idempotency, precision, oracle/side-effect safety, failure consistency.
-- **Software**: injection families, XSS/CSRF/SSRF, traversal/upload, session/JWT, brute-force/rate limits, debug/CORS/secrets exposure.
-- **Combined**: module checks + realistic cross-boundary chains.
-
-## Output shape
-
-1. **Findings** (high → low): title, severity, evidence (`path:line`), reproduction steps/payload, impacted invariant/asset.
-2. **Attack evidence**: preconditions, commands/requests, observed insecure behavior, variant results.
-3. **Risk prioritization**: impact, exploitability, reach; why it matters in **this** system.
-4. **Hardening guidance** (advice only): fix direction, validation focus post-remediation.
-5. **Residual risk**: hypotheses, assumptions, follow-up probes.
-
-## Sample hints
-
-- **Module**: Web API + Claude tool-use → `combined` (software + agent); deposits/withdrawals → include `financial-program`.
-- **Evidence**: “SQLi possible” without two runs + exact parameter → stays **hypothesis** until repro’d.
-- **Stop line**: User says “patch it now” → finish report; hand off to implementation skills—**do not** self-patch here.
-
-## References
-
-- `references/agent-attack-catalog.md`, `references/security-test-patterns-agent.md`
-- `references/red-team-extreme-scenarios.md`, `references/risk-checklist.md`, `references/security-test-patterns-finance.md`
-- `references/common-software-attack-catalog.md`, `references/test-snippets.md` (optional snippets)

package/discover-security-issues/agents/openai.yaml

@@ -1,4 +0,0 @@
-interface:
-  display_name: "Discover Security Issues"
-  short_description: "Discovery-only adversarial audit: reproducible exploits across agent, finance, and software stacks"
-  default_prompt: "Use $discover-security-issues to run a discovery-only adversarial audit. Reproduce exploitable vulnerabilities with concrete evidence and severity prioritization across agent-system, financial-program, and software-system scopes (including SQL injection and common web flaws). Do not apply code fixes or PR actions."