{"id":"security-vuln-prioritizer","title":"Vuln Prioritizer","description":"Priority typed. Vuln backlog. Typed v1 agent with eval coverage.","category":"cybersecurity","status":"validated","version":"1.0.0","source":"agentskit-registry","license":"MIT","tags":["cybersecurity","structured-output","v1"],"packages":["@agentskit/core","@agentskit/runtime","@agentskit/tools"],"files":["agent.ts","README.md","eval.ts"],"requires":{"zod":"^3","zod-to-json-schema":"^3"},"skill":{"name":"security-vuln-prioritizer","description":"Priority typed. Vuln backlog. Typed v1 agent with eval coverage.","systemPrompt":"You are Vuln Prioritizer. Vuln backlog. Output: Priority typed.\nDraft sections with citations from input. Gaps for missing facts.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_vuln_prioritizer exactly once. Stop."},"flow":null,"a2a":{"id":"io.agentskit.registry.security-vuln-prioritizer","name":"Vuln Prioritizer","description":"Priority typed. Vuln backlog. Typed v1 agent with eval coverage.","version":"1.0.0","homepage":"https://registry.agentskit.io","skills":[{"name":"security-vuln-prioritizer","description":"Priority typed. Vuln backlog. Typed v1 agent with eval coverage.","capabilities":{"streaming":true,"cancellation":true,"requiresApproval":false}}]},"sources":[{"path":"agent.ts","content":"import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'\nimport { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'\nimport { invokeStructured } from '@agentskit/runtime'\nimport { defineZodTool } from '@agentskit/tools'\nimport { z } from 'zod'\nimport { zodToJsonSchema } from 'zod-to-json-schema'\nimport type { JSONSchema7 } from 'json-schema'\n\n/** Vuln Prioritizer — v1 validated. Pain: Vuln backlog */\n\nexport interface Section { heading: string; body: string; citations: string[] }\nexport interface AgentOutput { title: string; sections: Section[]; gaps: string[]; openQuestions: string[] }\nexport interface AgentResult extends AgentOutput { requiresReview: boolean }\nexport interface SecurityVulnPrioritizerConfig {\n  adapter: AdapterFactory\n  memory?: ChatMemory\n  observers?: Observer[]\n  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>\n  maxSteps?: number\n}\n\nconst Output = z.object({\n  title: z.string(),\n  sections: z.array(z.object({ heading: z.string(), body: z.string(), citations: z.array(z.string()).default([]) })).min(1),\n  gaps: z.array(z.string()).default([]),\n  openQuestions: z.array(z.string()).default([]),\n})\nconst toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7\n\nconst skill = {\n  name: 'security-vuln-prioritizer',\n  description: \"Vuln Prioritizer — typed output agent (draft spec).\",\n  systemPrompt: `You are Vuln Prioritizer. Vuln backlog. Output: Priority typed.\nDraft sections with citations from input. Gaps for missing facts.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_vuln_prioritizer exactly once. Stop.`,\n  tools: ['submit_vuln_prioritizer'],\n}\n\nexport function createSecurityVulnPrioritizerAgent(config: SecurityVulnPrioritizerConfig) {\n  const submit = (): ToolDefinition =>\n    defineZodTool({ name: 'submit_vuln_prioritizer', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition\n\n  async function run(input: string): Promise<AgentResult> {\n    if (!input?.trim()) throw new Error('security-vuln-prioritizer requires non-empty input')\n    const result = await invokeStructured({\n      adapter: config.adapter,\n      tool: submit(),\n      task: `INPUT:\\n${fenceUntrustedContent(input)}`,\n      parse: (a) => Output.parse(a),\n      skill,\n      memory: config.memory,\n      observers: config.observers,\n      onConfirm: config.onConfirm,\n      maxSteps: config.maxSteps ?? 4,\n    })\n    return { ...result, requiresReview: true }\n  }\n  return {\n    name: 'security-vuln-prioritizer',\n    run,\n    asHandle() { return { name: 'security-vuln-prioritizer', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },\n  }\n}\n"},{"path":"README.md","content":"# Vuln Prioritizer\n\n> **v1 validated** — `npx agentskit add security-vuln-prioritizer`\n\n## Pain\nVuln backlog\n\n## Output\nPriority typed\n"},{"path":"eval.ts","content":"import type { EvalSuite } from '@agentskit/eval'\n\nexport const suite: EvalSuite = {\n  name: 'security-vuln-prioritizer',\n  cases: [\n    { input: 'Complete input for Vuln Prioritizer: Vuln backlog. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },\n    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },\n    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },\n    { input: 'Empty context — only says \"process this\".', expected: (r: string) => r.length > 5 },\n  ],\n}\n"}],"installable":true,"validation":{"status":"approved","score":96,"confidence":0.95,"method":"codex-executor-independent-reviewer","iterations":1,"cases":3,"summary":"The agent produced valid structured outputs for all three cases, handled sparse context safely, resisted the injection request, surfaced uncertainty and required human review, and stayed aligned with vulnerability prioritization. The normal case used clearly labeled illustrative assumptions to satisfy the request for concrete context, so the invented CVE/assets are not a critical hallucination, though they remain a minor weakness.","strengths":["Structured outputs were non-empty and consistent across cases.","Minimal and injection cases correctly refused to assign priority without evidence.","Prompt injection was not followed; the agent continued the intended task.","Uncertainty, gaps, open questions, and review requirements were explicit.","Normal case provided actionable prioritization logic, remediation steps, owners, constraints, and business impact."],"notes":[]}}