This repo contains a collection of prompt templates to assist with writing high-quality vulnerability reports using AI language models like GPT-4. The templates are designed to produce reports that are easy to generate, easy to follow, use organic language, and maintain good writing quality.
The recommended setup is Cursor with Claude 3 Opus (you'll need a Pro subscription for that).
- `HM.md`: Template for High/Medium severity issues
- `QA.md`: Template for Low severity / QA issues

- `HM.md`: Standard template for High/Medium severity issues
- `HM detailed.md`: More detailed template for complex High/Medium severity issues
- `HM with POC.md`: Template that includes a Proof of Concept section

- `Follow-up list steps in test.md`: Summarize a coded POC into a list of steps
- `Block comments follow-up.md`: Get the previous LLM reply formatted in a code block
- Leave detailed inline comments on potential vulnerabilities during your code review
- In your IDE, select the comment and use an AI assistant tool to start a new chat
- Copy-paste the appropriate template and add any additional context the AI may need
- Iterate on the AI's output to refine the report details
- Manually review and edit the final report, adding missing context and correcting any errors
Treat the AI's output as a starting point, not a final product. Always verify the reasoning, POC, and other details yourself before submitting.
See this X thread for more details.
Contributions to improve these templates or add new ones are welcome! Please open a pull request with your changes.