PT
Penetration Test Report
🔵 Stable🕐 updated 2026-07-01
🔷 SkillSpec L3
pm-security
Write a clear penetration-test report from findings of an authorized engagement. Use when documenting a pentest, security assessment, or authorized red-team engagement — turning findings into a report clients act on. Produces an executive summary, scope & methodology, findings with severity/evidence/reproduction/remediation, and a risk-ranked remediation plan. For authorized testing only.
What to give it
▸Engagement scope — what was in scope (targets, environments), the authorization/rules of engagement, and the testing window.
▸Methodology — approach (black/grey/white-box), standards followed (e.g. OWASP, PTES), tools.
▸Findings — each issue found: what it is, affected asset, how it was exploited, evidence, and impact.
▸Audience — client's technical team, leadership, or both.
✅ The bar it holds itself to
Every skill in this library self-verifies — these are this skill's own quality checks, straight from its definition.
✓The executive summary conveys overall risk and top actions without jargon
✓Scope, authorization, and methodology are stated (results are bounded and clearly authorized)
✓Each finding has severity, affected asset, reproduction, evidence, impact, and remediation
✓Findings are ordered by severity and rolled into a risk-ranked remediation plan
✓Sensitive data in evidence is redacted; positive findings and a retest path are included
⚠️ What it refuses to do
Do not omit the authorization/scope — an unbounded, unauthorized-looking report is unusable and unsafe
Do not give a severity without impact and remediation — clients fix what they understand and can prioritize
Do not write findings only engineers can read (or only execs) — serve both audiences in their sections
Do not leave evidence unredacted — protect the very data you're helping secure
Do not produce this for testing that wasn't authorized in writing
Install
npx pm-claude-skills add --agent claude # or codex · cursor · gemini · hermes
# or one-line MCP (every skill, any client):
claude mcp add pm-skills -- npx -y pm-claude-skills-mcp
Related skills
🔌 Embed this skill
Drop this on your blog, docs, or site — it renders a "Run this skill" card:
<div data-pm-skill="pentest-report"></div>
<script src="https://mohitagw15856.github.io/pm-claude-skills/embed.js" async></script>
💬 Discussion
Penetration Test Report is one of 599 open-source professional AI agent skills — all SkillSpec L3.
Try them all in the browser · ⭐ Star on GitHub · Browse the full catalog