Skip to main content
SkillJury
Back to registry

ghost-validate

ghostsecurity/skills

Determine whether a security finding is a true positive or false positive. Produce a determination with supporting evidence.

Installs417
Install command
npx skills add https://github.com/ghostsecurity/skills --skill ghost-validate
Security audits
Gen Agent Trust HubPASS
SocketPASS
SnykFAIL
About this skill
Determine whether a security finding is a true positive or false positive. Produce a determination with supporting evidence. The user provides a finding as a file path or pasted text. If neither is provided, ask for one. Extract: vulnerability class, specific claim, affected endpoint, code location, and any existing validation evidence. Identify: If a live instance of the application is accessible and the vulnerability can be confirmed through live interaction, use the proxy skill to confirm exploitability: Classify the finding as one of: Output a summary in the following format: Example: If the finding was provided as a file path, ask the user if they would like to append the validation details to the original finding file. If they agree, append a ## Validation section to the file containing the determination, confidence, evidence summary, and recommendation. See VULNERABILITY_PATTERNS.md in this skill directory for patterns to look for when validating authorization flaws (BFLA/BOLA/IDOR), injection (SQLi/XSS), and authentication flaws.

Source description provided by the upstream skill listing. Community reviews and install context appear in the sections below.

Community Reviews

Latest reviews

Sign in to review

No community reviews yet. Be the first to review.

Browse this skill in context
FAQ
What does ghost-validate do?

Determine whether a security finding is a true positive or false positive. Produce a determination with supporting evidence.

Is ghost-validate good?

ghost-validate does not have approved reviews yet, so SkillJury cannot publish a community verdict.

What agent does ghost-validate work with?

ghost-validate currently lists compatibility with codex, gemini-cli, cursor, amp, github-copilot, claude-code.

What are alternatives to ghost-validate?

Skills in the same category include telegram-bot-builder, flutter-app-size, sharp-edges, iterative-retrieval.

How do I install ghost-validate?

npx skills add https://github.com/ghostsecurity/skills --skill ghost-validate

telegram-bot-builderflutter-app-sizesharp-edgesiterative-retrieval
Related skills

More from ghostsecurity/skills

ghost-scan-code

by ghostsecurity/skills

762

You find security issues in a repository. This skill plans which vulnerability vectors to scan, then executes those scans against each project.

Software EngineeringFrontend and DesignFirst seen Feb 19, 2026

ghost-scan-secrets

by ghostsecurity/skills

593

Source details, install context, and public review data are available on the full page.

Software EngineeringResearch and AuditsFirst seen Feb 19, 2026

ghost-scan-deps

by ghostsecurity/skills

512

Source details, install context, and public review data are available on the full page.

Software EngineeringResearch and AuditsFirst seen Feb 19, 2026

ghost-proxy

by ghostsecurity/skills

428

Reaper is a CLI-based MITM HTTPS proxy for application security testing. It intercepts, logs, and allows inspection of HTTP/HTTPS traffic flowing through it. Use it to capture live request/response pairs for security validation.

Software EngineeringFrontend and DesignFirst seen Feb 19, 2026
Related skills

Alternatives in Software Engineering

telegram-bot-builder

by sickn33/antigravity-awesome-skills

998

Source details, install context, and public review data are available on the full page.

Software EngineeringFrontend and DesignFirst seen Jan 18, 2026

flutter-app-size

by flutter/skills

996

Analyzes and optimizes Flutter application size by measuring build artifacts, generating size analysis reports, utilizing Dart DevTools for component breakdown, and implementing specific size reduction strategies such as debug info splitting, resource compression, and platform-specific tree-shaking. Assumes a...

Software EngineeringFrontend and Design

sharp-edges

by trailofbits/skills

994

Evaluates whether APIs, configurations, and interfaces are resistant to developer misuse. Identifies designs where the "easy path" leads to insecurity.

Software EngineeringFrontend and DesignFirst seen Jan 18, 2026

iterative-retrieval

by affaan-m/everything-claude-code

993

Solves the "context problem" in multi-agent workflows where subagents don't know what context they need until they start working.

Software EngineeringFrontend and DesignFirst seen Jan 25, 2026