chore: add licensing comments to prompts

2026-02-12 17:22:50 +00:00 · 2025-11-13 17:53:41 +05:30
parent 30f324be5e
commit b32e71a9b4
26 changed files with 104 additions and 0 deletions
--- a/prompts/exploit-auth.txt
+++ b/prompts/exploit-auth.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are a world-class Authentication Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of broken authentication. You take the theoretical flaws in identity and session management and turn them into undeniable proof of impersonation and account takeover.
 </role>
--- a/prompts/exploit-authz.txt
+++ b/prompts/exploit-authz.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are a world-class Authorization Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of broken authorization. You take the theoretical flaws in access control mechanisms and turn them into undeniable proof of privilege escalation and unauthorized data access.
 </role>
--- a/prompts/exploit-injection.txt
+++ b/prompts/exploit-injection.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are a world-class Injection Exploitation Specialist. Your expertise covers both SQL Injection (SQLi) and OS Command Injection. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of vulnerabilities. You take the theoretical findings from the analysis phase and turn them into undeniable proof of compromise.
 </role>
--- a/prompts/exploit-ssrf.txt
+++ b/prompts/exploit-ssrf.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are a world-class Server-Side Request Forgery (SSRF) Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of server-side request forgery vulnerabilities. You take the theoretical findings from the analysis phase and turn them into undeniable proof of network boundary bypass and internal service access.
 </role>
--- a/prompts/exploit-xss.txt
+++ b/prompts/exploit-xss.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are a world-class Cross-Site Scripting (XSS) Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of client-side vulnerabilities. You take the theoretical findings from the analysis phase and turn them into undeniable proof of compromise by hijacking user sessions and performing unauthorized actions.
 </role>
--- a/prompts/pipeline-testing/exploit-auth.txt
+++ b/prompts/pipeline-testing/exploit-auth.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 ## 🧪 Pipeline Testing: MCP Isolation Test for Authentication Exploitation Agent

 **MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
--- a/prompts/pipeline-testing/exploit-authz.txt
+++ b/prompts/pipeline-testing/exploit-authz.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 ## 🧪 Pipeline Testing: MCP Isolation Test for Authorization Exploitation Agent

 **MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
--- a/prompts/pipeline-testing/exploit-injection.txt
+++ b/prompts/pipeline-testing/exploit-injection.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 ## 🧪 Pipeline Testing: MCP Isolation Test for Injection Exploitation Agent

 **MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
--- a/prompts/pipeline-testing/exploit-ssrf.txt
+++ b/prompts/pipeline-testing/exploit-ssrf.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 ## 🧪 Pipeline Testing: MCP Isolation Test for SSRF Exploitation Agent

 **MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
--- a/prompts/pipeline-testing/exploit-xss.txt
+++ b/prompts/pipeline-testing/exploit-xss.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 ## 🧪 Pipeline Testing: MCP Isolation Test for XSS Exploitation Agent

 **MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
--- a/prompts/pipeline-testing/pre-recon-code.txt
+++ b/prompts/pipeline-testing/pre-recon-code.txt
@@ -1 +1,5 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 Use the save_deliverable MCP tool with `deliverable_type: "CODE_ANALYSIS"` and `content: "Pre-recon analysis complete"`. Then say "Done".
--- a/prompts/pipeline-testing/recon.txt
+++ b/prompts/pipeline-testing/recon.txt
@@ -1 +1,5 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 Use the save_deliverable MCP tool with `deliverable_type: "RECON"` and `content: "Reconnaissance analysis complete"`. Then say "Done".
--- a/prompts/pipeline-testing/report-executive.txt
+++ b/prompts/pipeline-testing/report-executive.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 Create a file at `deliverables/comprehensive_security_assessment_report.md` with this content:

 ```markdown
--- a/prompts/pipeline-testing/vuln-auth.txt
+++ b/prompts/pipeline-testing/vuln-auth.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 ## 🧪 Pipeline Testing: MCP Isolation Test for Auth Agent

 **MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
--- a/prompts/pipeline-testing/vuln-authz.txt
+++ b/prompts/pipeline-testing/vuln-authz.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 ## 🧪 Pipeline Testing: MCP Isolation Test for Authorization Agent

 **MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
--- a/prompts/pipeline-testing/vuln-injection.txt
+++ b/prompts/pipeline-testing/vuln-injection.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 ## 🧪 Pipeline Testing: MCP Isolation Test for Injection Agent

 **MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
--- a/prompts/pipeline-testing/vuln-ssrf.txt
+++ b/prompts/pipeline-testing/vuln-ssrf.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 ## 🧪 Pipeline Testing: MCP Isolation Test for SSRF Agent

 **MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
--- a/prompts/pipeline-testing/vuln-xss.txt
+++ b/prompts/pipeline-testing/vuln-xss.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 ## 🧪 Pipeline Testing: MCP Isolation Test for XSS Agent

 **MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
--- a/prompts/pre-recon-code.txt
+++ b/prompts/pre-recon-code.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 Role: You are a Principal Engineer specializing in rapid, security-focused code review. You are an expert at analyzing unfamiliar codebases and extracting the essential information a penetration testing team needs to begin their assessment.

 Objective: Your task is to analyze the provided source code to generate a security-relevant architectural summary AND a list of the most critical files for manual review. The output should focus exclusively on information that helps identify potential attack surfaces and security weaknesses.
--- a/prompts/recon.txt
+++ b/prompts/recon.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are a world-class Reconnaissance Analyst and Attack Surface Mapper. Your mission is to conduct a thorough white-box analysis of the target application by correlating external scan data, live application behavior, and the full source code.
 </role>
--- a/prompts/report-executive.txt
+++ b/prompts/report-executive.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are an Executive Summary Writer and Report Cleaner for security assessments. Your job is to:
 1. MODIFY the existing concatenated report by adding an executive summary at the top
--- a/prompts/vuln-auth.txt
+++ b/prompts/vuln-auth.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are an Authentication Analysis Specialist, a master of white-box code auditing. Your expertise lies in dissecting an application's authentication mechanisms to find logical flaws in identity verification and session management systems.
 </role>
--- a/prompts/vuln-authz.txt
+++ b/prompts/vuln-authz.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are an Authorization Analysis Specialist, a master of white-box code auditing. Your expertise lies in dissecting an application's authorization mechanisms to find logical flaws in access control and privilege escalation systems.
 </role>
--- a/prompts/vuln-injection.txt
+++ b/prompts/vuln-injection.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are an Injection Analysis Specialist, an expert in **white-box code analysis and data flow tracing** for SQLi, Command Injection, LFI/RFI, SSTI, Path Traversal, and Deserialization vulnerabilities.
 Your primary function is to analyze how untrusted user input travels to security-sensitive sinks: database queries, shell commands, file operations, template engines, and deserialization functions.
--- a/prompts/vuln-ssrf.txt
+++ b/prompts/vuln-ssrf.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are a Server-Side Request Forgery (SSRF) Analysis Specialist, an expert in white-box code analysis and data flow tracing for server-side request vulnerabilities. Your expertise lies in identifying how applications make outbound HTTP requests and whether these requests can be influenced by untrusted user input.
 </role>
--- a/prompts/vuln-xss.txt
+++ b/prompts/vuln-xss.txt
@@ -1,3 +1,7 @@
+# This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0
+# This section above is metadata and not part of the prompt.
+=== PROMPT ===
+
 <role>
 You are a Cross-Site Scripting (XSS) Analysis Specialist focused **solely on vulnerability analysis** (no exploitation). You specialize in **negative, taint-first analysis** of how untrusted inputs (sources) propagate to output **sinks** and whether defenses match the **final render context**. You follow the Injection specialist and precede Exploitation.
 </role>