diff --git a/prompts/exploit-auth.txt b/prompts/exploit-auth.txt index 25ac8d7..0ae009a 100644 --- a/prompts/exploit-auth.txt +++ b/prompts/exploit-auth.txt @@ -408,7 +408,12 @@ If [blocker] were bypassed/removed: COMPLETION REQUIREMENTS (ALL must be satisfied): 1. Plan Completion: ALL tasks in your todo list must be marked as completed using the TodoWrite tool. 2. Deliverable Generation: The required deliverable must be successfully saved using save_deliverable script: - - Evidence report: Write to `deliverables/auth_exploitation_evidence.md`, then call `save_deliverable` with `deliverable_type: "AUTH_EVIDENCE"` and `file_path` (not inline `content`) + - **CHUNKED WRITING (MANDATORY):** + 1. Use the **Write** tool to create `deliverables/auth_exploitation_evidence.md` with the title and first major section + 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + 3. Repeat step 2 for all remaining sections + 4. Call `save_deliverable` with `deliverable_type: "AUTH_EVIDENCE"` and `file_path: "deliverables/auth_exploitation_evidence.md"` + **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. CRITICAL WARNING: Announcing completion before every item in deliverables/auth_exploitation_queue.json has been pursued to a final, evidence-backed conclusion will be considered a mission failure. diff --git a/prompts/exploit-authz.txt b/prompts/exploit-authz.txt index 47bd5ad..bcdd025 100644 --- a/prompts/exploit-authz.txt +++ b/prompts/exploit-authz.txt @@ -410,7 +410,12 @@ If [blocker] were bypassed/removed: COMPLETION REQUIREMENTS (ALL must be satisfied): 1. Plan Completion: ALL tasks in your todo list must be marked as completed using the TodoWrite tool. 2. Deliverable Generation: The required deliverable must be successfully saved using save_deliverable script: - - Evidence report: Write to `deliverables/authz_exploitation_evidence.md`, then call `save_deliverable` with `deliverable_type: "AUTHZ_EVIDENCE"` and `file_path` (not inline `content`) + - **CHUNKED WRITING (MANDATORY):** + 1. Use the **Write** tool to create `deliverables/authz_exploitation_evidence.md` with the title and first major section + 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + 3. Repeat step 2 for all remaining sections + 4. Call `save_deliverable` with `deliverable_type: "AUTHZ_EVIDENCE"` and `file_path: "deliverables/authz_exploitation_evidence.md"` + **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. CRITICAL WARNING: Announcing completion before every item in deliverables/authz_exploitation_queue.json has been pursued to a final, evidence-backed conclusion will be considered a mission failure. diff --git a/prompts/exploit-injection.txt b/prompts/exploit-injection.txt index a8de282..8038cbe 100644 --- a/prompts/exploit-injection.txt +++ b/prompts/exploit-injection.txt @@ -437,7 +437,12 @@ If [blocker] were bypassed/removed: COMPLETION REQUIREMENTS (ALL must be satisfied): 1. **Plan Completion:** ALL tasks for EVERY vulnerability in your todo list must be marked as completed using the TodoWrite tool. **No vulnerability or task can be left unaddressed.** 2. **Deliverable Generation:** The required deliverable must be successfully saved using save_deliverable MCP tool: - - Evidence report: Write to `deliverables/injection_exploitation_evidence.md`, then call `save_deliverable` with `deliverable_type: "INJECTION_EVIDENCE"` and `file_path` (not inline `content`) + - **CHUNKED WRITING (MANDATORY):** + 1. Use the **Write** tool to create `deliverables/injection_exploitation_evidence.md` with the title and first major section + 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + 3. Repeat step 2 for all remaining sections + 4. Call `save_deliverable` with `deliverable_type: "INJECTION_EVIDENCE"` and `file_path: "deliverables/injection_exploitation_evidence.md"` + **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. **CRITICAL WARNING:** Announcing completion before every item in `deliverables/injection_exploitation_queue.json` has been pursued to a final, evidence-backed conclusion (either successfully exploited or verified false positive) will be considered a mission failure. Superficial testing is not acceptable. diff --git a/prompts/exploit-ssrf.txt b/prompts/exploit-ssrf.txt index 4602ad8..95a5970 100644 --- a/prompts/exploit-ssrf.txt +++ b/prompts/exploit-ssrf.txt @@ -487,7 +487,12 @@ If [blocker] were bypassed/removed: COMPLETION REQUIREMENTS (ALL must be satisfied): 1. Plan Completion: ALL tasks in your todo list must be marked as completed using the TodoWrite tool. 2. Deliverable Generation: The required deliverable must be successfully saved using save_deliverable script: - - Evidence report: Write to `deliverables/ssrf_exploitation_evidence.md`, then call `save_deliverable` with `deliverable_type: "SSRF_EVIDENCE"` and `file_path` (not inline `content`) + - **CHUNKED WRITING (MANDATORY):** + 1. Use the **Write** tool to create `deliverables/ssrf_exploitation_evidence.md` with the title and first major section + 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + 3. Repeat step 2 for all remaining sections + 4. Call `save_deliverable` with `deliverable_type: "SSRF_EVIDENCE"` and `file_path: "deliverables/ssrf_exploitation_evidence.md"` + **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. CRITICAL WARNING: Announcing completion before every item in deliverables/ssrf_exploitation_queue.json has been pursued to a final, evidence-backed conclusion will be considered a mission failure. diff --git a/prompts/exploit-xss.txt b/prompts/exploit-xss.txt index 0355f29..0b27f75 100644 --- a/prompts/exploit-xss.txt +++ b/prompts/exploit-xss.txt @@ -427,7 +427,12 @@ If [blocker] were bypassed/removed: COMPLETION REQUIREMENTS (ALL must be satisfied): - Todo List Completion: ALL vulnerabilities from the exploitation queue must have been processed and marked as completed in your todo list. - Deliverable Generation: The required deliverable must be successfully saved using save_deliverable MCP tool: - - Evidence report: Write to `deliverables/xss_exploitation_evidence.md`, then call `save_deliverable` with `deliverable_type: "XSS_EVIDENCE"` and `file_path` (not inline `content`) + - **CHUNKED WRITING (MANDATORY):** + 1. Use the **Write** tool to create `deliverables/xss_exploitation_evidence.md` with the title and first major section + 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + 3. Repeat step 2 for all remaining sections + 4. Call `save_deliverable` with `deliverable_type: "XSS_EVIDENCE"` and `file_path: "deliverables/xss_exploitation_evidence.md"` + **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. **CRITICAL WARNING:** Announcing completion before every item in `deliverables/xss_exploitation_queue.json` has been pursued to a final, evidence-backed conclusion (either successfully exploited or verified false positive) will be considered a mission failure. Superficial testing is not acceptable. diff --git a/prompts/pre-recon-code.txt b/prompts/pre-recon-code.txt index de02338..7abe9fe 100644 --- a/prompts/pre-recon-code.txt +++ b/prompts/pre-recon-code.txt @@ -129,7 +129,12 @@ After Phase 1 completes, launch all three vulnerability-focused agents in parall - Create the `outputs/schemas/` directory using mkdir -p - Copy all discovered schema files to `outputs/schemas/` with descriptive names - Include schema locations in your attack surface analysis -- Write your report to `deliverables/code_analysis_deliverable.md`, then call `save_deliverable` with `deliverable_type: "CODE_ANALYSIS"` and `file_path: "deliverables/code_analysis_deliverable.md"` (do NOT use inline `content`) +- **CHUNKED WRITING (MANDATORY):** + 1. Use the **Write** tool to create `deliverables/code_analysis_deliverable.md` with the title and first major section + 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + 3. Repeat step 2 for all remaining sections + 4. Call `save_deliverable` with `deliverable_type: "CODE_ANALYSIS"` and `file_path: "deliverables/code_analysis_deliverable.md"` +- **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. **EXECUTION PATTERN:** 1. **Use TodoWrite to create task list** tracking: Phase 1 agents, Phase 2 agents, and report synthesis diff --git a/prompts/recon.txt b/prompts/recon.txt index c57bb84..219f4a9 100644 --- a/prompts/recon.txt +++ b/prompts/recon.txt @@ -368,10 +368,13 @@ CRITICAL: Only include sources tracing to dangerous sinks (shell, DB, file ops, **DELIVERABLE SAVING:** -1. Write your report to `deliverables/recon_deliverable.md` +1. **CHUNKED WRITING (MANDATORY):** + - Use the **Write** tool to create `deliverables/recon_deliverable.md` with the title and first major section + - Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + - Repeat for all remaining sections 2. Call `save_deliverable` with `deliverable_type: "RECON"` and `file_path: "deliverables/recon_deliverable.md"` -**WARNING:** Do NOT pass your report as inline `content` — it will exceed output token limits. Always use `file_path`. +**WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. Do NOT pass your report as inline `content` to save_deliverable — always use `file_path`. Once the deliverable is successfully saved, announce "RECONNAISSANCE COMPLETE" and stop. diff --git a/prompts/vuln-auth.txt b/prompts/vuln-auth.txt index 3b9f294..76c5c60 100644 --- a/prompts/vuln-auth.txt +++ b/prompts/vuln-auth.txt @@ -254,7 +254,12 @@ This file serves as the handoff mechanism and must always be created to signal c 1. **Systematic Analysis:** ALL relevant API endpoints and user-facing features identified in the reconnaissance deliverable must be analyzed for AuthN/AuthZ flaws. 2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool: - - Analysis report: Write to `deliverables/auth_analysis_deliverable.md`, then call `save_deliverable` with `deliverable_type: "AUTH_ANALYSIS"` and `file_path` (not inline `content`) + - **CHUNKED WRITING (MANDATORY):** + 1. Use the **Write** tool to create `deliverables/auth_analysis_deliverable.md` with the title and first major section + 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + 3. Repeat step 2 for all remaining sections + 4. Call `save_deliverable` with `deliverable_type: "AUTH_ANALYSIS"` and `file_path: "deliverables/auth_analysis_deliverable.md"` + **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "AUTH_QUEUE"` and `content: {"vulnerabilities": [...]}` **ONLY AFTER** both systematic analysis AND successful deliverable generation, announce "**AUTH ANALYSIS COMPLETE**" and stop. diff --git a/prompts/vuln-authz.txt b/prompts/vuln-authz.txt index 59eeab8..f096ec4 100644 --- a/prompts/vuln-authz.txt +++ b/prompts/vuln-authz.txt @@ -357,7 +357,12 @@ This file serves as the handoff mechanism and must always be created to signal c 1. **Todo Completion:** ALL tasks in your TodoWrite list must be marked as "completed" 2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool: - - Analysis report: Write to `deliverables/authz_analysis_deliverable.md`, then call `save_deliverable` with `deliverable_type: "AUTHZ_ANALYSIS"` and `file_path` (not inline `content`) + - **CHUNKED WRITING (MANDATORY):** + 1. Use the **Write** tool to create `deliverables/authz_analysis_deliverable.md` with the title and first major section + 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + 3. Repeat step 2 for all remaining sections + 4. Call `save_deliverable` with `deliverable_type: "AUTHZ_ANALYSIS"` and `file_path: "deliverables/authz_analysis_deliverable.md"` + **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "AUTHZ_QUEUE"` and `content: {"vulnerabilities": [...]}` **ONLY AFTER** both todo completion AND successful deliverable generation, announce "**AUTHORIZATION ANALYSIS COMPLETE**" and stop. diff --git a/prompts/vuln-injection.txt b/prompts/vuln-injection.txt index 1808c57..a8577df 100644 --- a/prompts/vuln-injection.txt +++ b/prompts/vuln-injection.txt @@ -364,7 +364,12 @@ This file serves as the handoff mechanism to the Exploitation phase and must alw 1. **Todo Completion:** ALL tasks in your TodoWrite list must be marked as "completed" 2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool: - - Analysis report: Write to `deliverables/injection_analysis_deliverable.md`, then call `save_deliverable` with `deliverable_type: "INJECTION_ANALYSIS"` and `file_path` (not inline `content`) + - **CHUNKED WRITING (MANDATORY):** + 1. Use the **Write** tool to create `deliverables/injection_analysis_deliverable.md` with the title and first major section + 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + 3. Repeat step 2 for all remaining sections + 4. Call `save_deliverable` with `deliverable_type: "INJECTION_ANALYSIS"` and `file_path: "deliverables/injection_analysis_deliverable.md"` + **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "INJECTION_QUEUE"` and `content: {"vulnerabilities": [...]}` **ONLY AFTER** both todo completion AND successful deliverable generation, announce "**INJECTION ANALYSIS COMPLETE**" and stop. diff --git a/prompts/vuln-ssrf.txt b/prompts/vuln-ssrf.txt index e94365b..e4c707a 100644 --- a/prompts/vuln-ssrf.txt +++ b/prompts/vuln-ssrf.txt @@ -301,7 +301,12 @@ This file serves as the handoff mechanism and must always be created to signal c 1. **Systematic Analysis:** ALL relevant API endpoints and request-making features identified in the reconnaissance deliverable must be analyzed for SSRF vulnerabilities. 2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool: - - Analysis report: Write to `deliverables/ssrf_analysis_deliverable.md`, then call `save_deliverable` with `deliverable_type: "SSRF_ANALYSIS"` and `file_path` (not inline `content`) + - **CHUNKED WRITING (MANDATORY):** + 1. Use the **Write** tool to create `deliverables/ssrf_analysis_deliverable.md` with the title and first major section + 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + 3. Repeat step 2 for all remaining sections + 4. Call `save_deliverable` with `deliverable_type: "SSRF_ANALYSIS"` and `file_path: "deliverables/ssrf_analysis_deliverable.md"` + **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "SSRF_QUEUE"` and `content: {"vulnerabilities": [...]}` **ONLY AFTER** both systematic analysis AND successful deliverable generation, announce "**SSRF ANALYSIS COMPLETE**" and stop. diff --git a/prompts/vuln-xss.txt b/prompts/vuln-xss.txt index d0aed3a..12980e8 100644 --- a/prompts/vuln-xss.txt +++ b/prompts/vuln-xss.txt @@ -290,7 +290,12 @@ COMPLETION REQUIREMENTS (ALL must be satisfied): 1. Systematic Analysis: ALL input vectors identified from the reconnaissance deliverable must be analyzed. 2. Deliverable Generation: Both required deliverables must be successfully saved using save_deliverable MCP tool: - - Analysis report: Write to `deliverables/xss_analysis_deliverable.md`, then call `save_deliverable` with `deliverable_type: "XSS_ANALYSIS"` and `file_path` (not inline `content`) + - **CHUNKED WRITING (MANDATORY):** + 1. Use the **Write** tool to create `deliverables/xss_analysis_deliverable.md` with the title and first major section + 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content + 3. Repeat step 2 for all remaining sections + 4. Call `save_deliverable` with `deliverable_type: "XSS_ANALYSIS"` and `file_path: "deliverables/xss_analysis_deliverable.md"` + **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "XSS_QUEUE"` and `content: {"vulnerabilities": [...]}` ONLY AFTER both systematic analysis AND successful deliverable generation, announce "XSS ANALYSIS COMPLETE" and stop.