Skills ghost-report

Ghost Security — combined security report. Aggregates findings from all scan skills (scan-deps, scan-secrets, scan-code) into a single prioritized report focused on the highest risk, highest confidence issues. Use when the user requests a security overview, vulnerability summary, full security audit, or combined scan results.

install

source · Clone the upstream repo

git clone https://github.com/ghostsecurity/skills

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/ghostsecurity/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/ghost/skills/report" ~/.claude/skills/ghostsecurity-skills-ghost-report && rm -rf "$T"

manifest: plugins/ghost/skills/report/SKILL.md

source content

Combined Security Report

You aggregate findings from all scan skills (scan-deps, scan-secrets, scan-code) into a single prioritized report. Do all work yourself — do not spawn subagents or delegate.

$ARGUMENTS

Step 0: Setup

Run this Bash command to compute paths:

repo_name=$(basename "$(pwd)") && remote_url=$(git remote get-url origin 2>/dev/null || pwd) && short_hash=$(printf '%s' "$remote_url" | git hash-object --stdin | cut -c1-8) && repo_id="${repo_name}-${short_hash}" && short_sha=$(git rev-parse --short HEAD 2>/dev/null || date +%Y%m%d) && ghost_repo_dir="$HOME/.ghost/repos/${repo_id}" && scans_dir="${ghost_repo_dir}/scans/${short_sha}" && cache_dir="${ghost_repo_dir}/cache" && skill_dir=$(find . -path '*/skills/report/SKILL.md' 2>/dev/null | head -1 | xargs dirname) && echo "scans_dir=$scans_dir cache_dir=$cache_dir skill_dir=$skill_dir"

Store

scans_dir

(commit-level scan directory),

cache_dir

, and

skill_dir

Cache Check

<scans_dir>/report.md

already exists, show:

Combined security report is at: <scans_dir>/report.md

And stop. Do not regenerate it.

Step 1: Read Repo Context

Read

<cache_dir>/repo.md

if it exists. Extract:

Business criticality
Sensitive data types
Component map

If it does not exist, continue without it — this is not an error.

Step 2: Discover Scan Results

List the contents of

<scans_dir>

to see which scan-type directories exist. Recognized types:

```
deps/
```
— SCA / dependency vulnerability scan
```
secrets/
```
— secrets and credentials scan
```
code/
```
— code security scan (SAST)

If none of these directories exist, report an error:

No scan results found in <scans_dir>. Run one or more scan skills first:
  /ghost-scan-deps
  /ghost-scan-secrets
  /ghost-scan-code

And stop.

Step 3: Collect Findings

For each scan type that exists, glob

<scans_dir>/<type>/findings/*.md

and read each finding file in full. Retain the complete markdown body of every finding — the report will inline this content directly so readers never need to open individual finding files.

From each finding, also extract these metadata fields for filtering and sorting:

ID — from
```
## Metadata
```
→
```
ID
```
Type — the scan type (
```
deps
```
,
```
secrets
```
, or
```
code
```
)
Severity — from
```
## Metadata
```
→
```
Severity
```
(high, medium, low)
Status — from
```
## Metadata
```
→
```
Status
```
(e.g., confirmed-exploitable, unverified, verified, rejected, clean)

Step 4: Filter and Sort

Filter: Keep only high-confidence findings:

For
```
deps
```
findings: status is
```
confirmed-exploitable
```
For
```
secrets
```
findings: status is NOT
```
clean
```
and NOT
```
rejected
```
For
```
code
```
findings: status is
```
verified
```
or
```
unverified
```
(NOT
```
rejected
```
)

Exclude any finding with status

clean

rejected

, or

false-positive

Sort the remaining findings:

By severity: high first, then medium, then low
Within same severity: deps before secrets before code

Step 5: Read Per-Scan Reports

For

deps

and

secrets

scan types, read

<scans_dir>/<type>/report.md

if present. Extract:

Statistics (candidates scanned, confirmed findings, false positives filtered)
Executive summary highlights

Note:

code

does not produce a

report.md

. For code scan coverage, count the finding files in

<scans_dir>/code/findings/

directly. The "Candidates Scanned" count is the total number of finding files (all statuses). "Confirmed Findings" is the count with status

verified

confirmed

, or

unverified

. "False Positives Filtered" is the count with status

rejected

. Do NOT count clean file analyses from the nomination/analysis funnel — those never became findings.

If a per-scan report does not exist for deps or secrets, note it as unavailable.

Step 6: Generate Report

Read
```
<skill_dir>/report-template.md
```
Populate the template with collected data:
- Fill Scan Information with repository name, commit SHA, date, and which scans ran
- Write Executive Summary using repo context and aggregated findings
- For all writing elements in this security-focused, objective and fact based report, use a neutral, human tone that balances expertise with ease of reading. Do not use emojis, em-dashes, etc.
- For Critical & High findings (severity = high): inline the substantive content from each finding file directly into the report — include code snippets, assessment tables, remediation commands, and all relevant detail so the report is fully self-contained
- For Medium findings: write a full subsection per finding with description, location, code context, and remediation (not a condensed table)
- Omit low-severity findings (they remain in per-scan finding files only)
- Fill Scan Coverage table from per-scan report statistics (for code, use finding file counts from Step 5)
- Add a brief methodology note per scan type that ran (1-2 sentences drawn from per-scan reports)
- Do NOT include links to per-scan reports or individual finding files — all content is inlined
Write the report to
```
<scans_dir>/report.md
```

Step 7: Show Output

Combined security report is at: <scans_dir>/report.md