Add pre-engagement checklists and documentation requirements to all templates #71

Merged
valITino merged 1 commit into main from claude/optimize-prompt-templates-DAQyc
Mar 13, 2026
@valITino
Owner

Summary

This PR adds standardized pre-engagement checklists and comprehensive documentation requirements across all assessment templates. These additions ensure consistent preparation, execution tracking, and audit trail generation for all engagement types.

Key Changes

  • Pre-engagement checklists: Added "Before you start" sections to all 10 templates with 4-6 critical setup steps including:

    • Placeholder confirmation and configuration validation
    • MCP server health verification (make health)
    • Authorization verification (make inject-verification)
    • Tool capability discovery via server tool listing queries
  • Mandatory documentation framework: Added three standardized documentation files required at the end of each engagement:

    1. Engagement/Hunt/Assessment/Collection/Recon/Scan Log — chronological execution record with session metadata, step-by-step tool execution, findings discovered, and decisions made
    2. Issues & Errors Log — complete record of tool failures, scan anomalies, exploitation failures, warnings, skipped tests, false positives, and data quality notes
    3. Evidence Index — structured catalog of all artifacts (screenshots, extracted data, traffic captures, payloads, etc.)
  • Template-specific documentation: Each template's documentation section tailored to its engagement type:

    • Bug bounty: Hunt Log, Issues Log, Evidence Index
    • API security: Engagement Log, Issues Log, Evidence Index
    • Full attack chain: Engagement Log, Issues Log, Evidence Index
    • Vulnerability assessment: Assessment Log, Issues Log, Evidence Index
    • Full pentest: Engagement Log, Issues Log, Evidence Index
    • Network infrastructure: Engagement Log, Issues Log, Evidence Index
    • Web app assessment: Engagement Log, Issues Log, Evidence Index
    • OSINT gathering: Collection Log, Issues Log, Intelligence Index
    • Deep recon: Recon Log, Issues Log, Discovery Index
    • Quick scan: Scan Log, Issues Log

Notable Implementation Details

  • All documentation files follow consistent naming convention: [log-type]-[TARGET]-DDMMYYYY.md
  • Each log type includes specific fields relevant to the engagement methodology (e.g., OWASP API Top 10 coverage for API security, credential reuse maps for network assessments)
  • Documentation requirements emphasize audit trail creation for engagement review, quality assurance, and compliance verification
  • Pre-engagement checklists are consistently positioned before the execution plan in each template
  • All documentation sections include a closing note emphasizing their importance for engagement review and follow-up planning

https://claude.ai/code/session_01UxruBeSAeE6Dn5HmyD2b2M

Add mandatory documentation/logging sections to all 10 prompt templates
instructing Claude Code to write detailed audit trail files at engagement end:

1. Engagement/Scan/Hunt/Collection Log — chronological record of every phase,
   tool execution, decision, and outcome with structured summary tables
2. Issues & Errors Log — complete record of tool failures, scan anomalies,
   exploitation failures, false positives, skipped tests, and data quality notes
3. Evidence Index — catalog of screenshots, extracted data, traffic captures,
   payloads, and session artifacts with cross-references to findings

Each documentation section is tailored to the template type:
- Exploitation templates: full engagement log + evidence index with PoC mapping
- Recon template: discovery index with subdomain/DNS/service inventories
- OSINT template: intelligence index with source tracking
- Bug bounty template: hunt log with scope compliance and program rule tracking
- Quick scan: lighter scan log with coverage gaps and follow-up recommendations

Also adds "Before you start" pre-flight checklists to all templates (UX
improvement) covering target confirmation, MCP health, and authorization status.

All documentation files write to output/reports/ with target-and-date filenames.

https://claude.ai/code/session_01UxruBeSAeE6Dn5HmyD2b2M
@valITino marked this pull request as ready for review March 13, 2026 15:20
@valITino merged commit da18466 into main Mar 13, 2026
2 checks passed
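
One way the naming convention and per-template document sets described in this PR could be checked once an engagement finishes. This is an added example, not code from the repository; the template keys, the file-name slugs and the allowed target character set are assumptions.

```python
import re
from datetime import datetime

# Required documents per template, as listed in the PR description.
# ASSUMPTION: the template keys and lower-case hyphenated file slugs are
# hypothetical; the PR only gives the pattern [log-type]-[TARGET]-DDMMYYYY.md.
STD = ("engagement-log", "issues-log", "evidence-index")
REQUIRED = {
    "bug-bounty": ("hunt-log", "issues-log", "evidence-index"),
    "api-security": STD, "full-attack-chain": STD, "full-pentest": STD,
    "network-infrastructure": STD, "web-app-assessment": STD,
    "vulnerability-assessment": ("assessment-log", "issues-log", "evidence-index"),
    "osint-gathering": ("collection-log", "issues-log", "intelligence-index"),
    "deep-recon": ("recon-log", "issues-log", "discovery-index"),
    "quick-scan": ("scan-log", "issues-log"),
}
LOG_TYPES = sorted({t for docs in REQUIRED.values() for t in docs})
# Log type is anchored at the start and the date at the end, so a target that
# itself contains hyphens still parses. The target character set is restricted
# (an assumption) so a name can never contain a path separator.
NAME_RE = re.compile(
    r"(%s)-([A-Za-z0-9._-]+)-(\d{8})\.md" % "|".join(map(re.escape, LOG_TYPES)))

def parse_name(filename):
    """Return (log_type, target, date) or None if the name breaks the convention."""
    m = NAME_RE.fullmatch(filename)
    if not m:
        return None
    try:
        day = datetime.strptime(m.group(3), "%d%m%Y").date()
    except ValueError:  # e.g. 20260313 is YYYYMMDD, not DDMMYYYY
        return None
    return m.group(1), m.group(2), day

def missing_docs(template, target, day, filenames):
    """List required log types with no correctly named file for target and day."""
    parsed = filter(None, map(parse_name, filenames))
    present = {kind for kind, tgt, d in parsed if (tgt, d) == (target, day)}
    return [kind for kind in REQUIRED[template] if kind not in present]

# Constructed listing of output/reports/ for a web app assessment on 13 Mar 2026.
SAMPLE = [
    "engagement-log-shop-example-com-13032026.md",
    "issues-log-shop-example-com-20260313.md",   # wrong date order
    "evidence-index-shop-example-com-13032026.md",
]

if __name__ == "__main__":
    day = parse_name(SAMPLE[0])[2]
    print(missing_docs("web-app-assessment", "shop-example-com", day, SAMPLE))
```
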