Open
Description
We have a few skills that have similar basic workflow:
- build context about target codebase
- select targets
- run analysis
- get results
- deduplicate and remove false positives
- report
The skills are:
These (and likely more in the future) could just:
- get input (context/targets)
- focus on bug finding
- output all results in some standard format (sarif?)
A new "framework" skill could then provide the input and do all the dedup/judge/merge/report stuff. That could be split into a few skills ofc.
Goals:
- Simplify code auditing skills
- Unify finding management across the skills
- Make it easier to write new code auditing skills
Anti-goals:
- Provide full infrastructure for automatic code auditing
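The shared "get input, find bugs, emit a standard format, let a framework skill dedup/judge/merge/report" shape described above, shown as an added example that is not part of this issue or the project's code: a small SARIF 2.1.0 merger that a hypothetical framework skill could use. It assumes each auditing skill writes a SARIF log (real SARIF fields only: `runs`, `tool.driver.name`, `results`, `ruleId`, `level`, `locations`, `partialFingerprints`, `suppressions`); the skill names, rule ids, file paths and fingerprint values in the sample logs are constructed for illustration.

```python
"""Added example: merge SARIF 2.1.0 logs from several auditing skills into one
deduplicated log, the way a hypothetical "framework" skill might.  The sample
findings, file paths and skill names below are constructed for illustration."""
import json
from collections import Counter

# SARIF result levels ordered by severity (used when two tools disagree).
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def _location(uri, line):
    """Build a minimal SARIF physical location (helper for the sample data)."""
    return {"physicalLocation": {"artifactLocation": {"uri": uri},
                                 "region": {"startLine": line}}}


def finding_key(result):
    """Identity of a finding for deduplication.

    A tool-supplied partialFingerprints map is preferred because it survives
    line shifts; otherwise fall back to ruleId + first reported location."""
    fps = result.get("partialFingerprints") or {}
    if fps:
        return ("fp",) + tuple(sorted(fps.items()))
    loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
    uri = loc.get("artifactLocation", {}).get("uri", "")
    line = loc.get("region", {}).get("startLine")
    return ("loc", result.get("ruleId", ""), uri, line)


def merge_sarif(logs, framework_name="audit-framework (hypothetical)"):
    """Collapse the results of every run in `logs` into one SARIF log.

    Duplicates keep the most severe level any tool reported, and each surviving
    result lists the tools that reported it under properties.reportedBy."""
    merged, order = {}, []
    for log in logs:
        for run in log.get("runs", []):
            tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
            for result in run.get("results", []):
                key = finding_key(result)
                if key in merged:
                    kept = merged[key]
                    kept["properties"]["reportedBy"].append(tool)
                    if LEVEL_RANK.get(result.get("level"), 0) > LEVEL_RANK.get(kept.get("level"), 0):
                        kept["level"] = result["level"]
                    continue
                kept = json.loads(json.dumps(result))  # deep copy; leave the input logs untouched
                kept.setdefault("properties", {})["reportedBy"] = [tool]
                merged[key] = kept
                order.append(key)
    return {
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": framework_name}},
                  "results": [merged[k] for k in order]}],
    }


def suppress(log, keys, justification):
    """Judge step: mark results whose finding_key is in `keys` as suppressed.

    SARIF keeps suppressed results in the log, so the triage decision stays
    auditable instead of silently disappearing.  Returns how many were marked."""
    marked = 0
    for run in log["runs"]:
        for result in run["results"]:
            if finding_key(result) in keys:
                result["suppressions"] = [{"kind": "external", "justification": justification}]
                marked += 1
    return marked


def summarize(log):
    """Report step: count unsuppressed results per level."""
    counts = Counter()
    for run in log["runs"]:
        for result in run["results"]:
            if result.get("suppressions"):
                continue
            counts[result.get("level", "warning")] += 1
    return dict(counts)


SAMPLE_LOGS = [  # constructed: two skills that overlap on one finding
    {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "skill-a"}}, "results": [
        {"ruleId": "EX-001", "level": "warning",
         "message": {"text": "query built by string concatenation"},
         "locations": [_location("src/app.py", 42)]},
        {"ruleId": "EX-002", "level": "note",
         "message": {"text": "hard-coded credential"},
         "locations": [_location("src/util.py", 7)],
         "partialFingerprints": {"primaryLocationLineHash": "deadbeef"}},
    ]}]},
    {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "skill-b"}}, "results": [
        {"ruleId": "EX-001", "level": "error",
         "message": {"text": "query built by string concatenation"},
         "locations": [_location("src/app.py", 42)]},
        {"ruleId": "EX-003", "level": "warning",
         "message": {"text": "missing input validation"},
         "locations": [_location("src/db.py", 99)]},
    ]}]},
]

if __name__ == "__main__":
    merged = merge_sarif(SAMPLE_LOGS)
    print(json.dumps(summarize(merged)))
```

Deduplicating on `partialFingerprints` when a skill supplies them is what lets the framework skill recognise the same finding across reruns after the file has shifted; the rule-plus-location fallback is only as stable as the line numbers. Keeping suppressed results in the log (rather than deleting them) is what makes the "judge" decisions reviewable later.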