ghost-report

SKILL.md

Aggregates dependency, secrets, and code scan findings into a single prioritized security report.

Combines results from scan-deps, scan-secrets, and scan-code into one unified report, filtering for high-confidence findings only

Prioritizes findings by severity (high, medium, low) and scan type, inlining full details for critical issues so the report is self-contained

Caches reports at the commit level to avoid regeneration; checks for existing results before running scans

Extracts repository context (business criticality, sensitive data types) from local cache if available to inform risk assessment

Combined Security Report

You aggregate findings from all scan skills (scan-deps, scan-secrets, scan-code) into a single prioritized report. Do all work yourself — do not spawn subagents or delegate.

$ARGUMENTS

Step 0: Setup

Run this Bash command to compute paths:

repo_name=$(basename "$(pwd)") && remote_url=$(git remote get-url origin 2>/dev/null || pwd) && short_hash=$(printf '%s' "$remote_url" | git hash-object --stdin | cut -c1-8) && repo_id="${repo_name}-${short_hash}" && short_sha=$(git rev-parse --short HEAD 2>/dev/null || date +%Y%m%d) && ghost_repo_dir="$HOME/.ghost/repos/${repo_id}" && scans_dir="${ghost_repo_dir}/scans/${short_sha}" && cache_dir="${ghost_repo_dir}/cache" && skill_dir=$(find . -path '*/skills/report/SKILL.md' 2>/dev/null | head -1 | xargs dirname) && echo "scans_dir=$scans_dir cache_dir=$cache_dir skill_dir=$skill_dir"

Store scans_dir (commit-level scan directory), cache_dir, and skill_dir.