Skip to content

cloudanimal/vm-prompt-library

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

VM Prompt Library

A practitioner's prompt library for vulnerability management — the prompts I use to put an LLM to work on real VM workflows: triage, prioritization, remediation, risk decisions, and reporting.

These are not generic "act as a security expert" one-liners. Each prompt is structured the way the work actually runs: exploitation-aware prioritization (EPSS, CISA KEV, NIST LEV, SSVC), business-risk framing, and outputs you can paste straight into a ticket, a change record, or a leadership update.

Model-agnostic. They work with Claude, ChatGPT, or Copilot; they're written with clear roles, inputs, and output contracts so you get consistent results regardless of model. Use the most capable current model you have access to.

How to use

  1. Pick the prompt for your task from the index below.
  2. Replace the {{placeholders}} with your data.
  3. Paste it in. Most prompts ask for structured output so the result drops straight into your workflow.

Every prompt follows the same format (TEMPLATE.md): when to use it, expected inputs, the output contract, the prompt itself, and tuning notes.

Index

Triage & prioritization

  • CVE triage — one CVE in, a composite patch-now / this-cycle / standard verdict out, with the reasoning shown.
  • Prioritize a scan list — paste a list of findings, get a ranked remediation queue.
  • Exploitation assessment — assess real-world exploitability across the signals that matter.

Communication

  • Executive summary — turn a technical finding into a business-risk narrative leadership will read.
  • Engineer brief — a tight, actionable brief for the person who has to fix it.

Remediation

Risk & exceptions

Reporting

A word on data governance

These prompts are written to work on sanitized or public inputs (CVE IDs, plugin titles, generalized counts). Before pasting real vulnerability data, host names, or internal context into any third-party model, follow your organization's AI-use policy: redact identifiers, avoid sensitive system details, and use an approved, data-protected endpoint. The model should help you reason and write, not become a place your scan data leaks.


Built by Joe Cook. Companion to cve-explorer and remediation-playbooks.

About

A practitioner's prompt library for vulnerability management: triage, communication, remediation, risk acceptance, and reporting. Model-agnostic, exploitation-aware.

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors