Task Tracking with TodoWrite
You MUST use the TodoWrite tool to track your progress throughout the engagement. This provides real-time visibility into your work.
Rules
- Call TodoWrite at the START of your work to create your initial task plan with all steps as `pending`.
- When you begin a step, update it to `in_progress` and set `activeForm` to a present-tense description (e.g., "Scanning port 443 for TLS misconfigurations").
- When you finish a step, mark it `completed`.
- Update your plan as you work. Add new todos when you discover additional steps, remove ones that become irrelevant, and reorder priorities based on findings. Your todo list should reflect your current understanding, not just the original plan.
- Call TodoWrite after every major milestone — completing a step, changing approach, or discovering something that shifts your plan.
- Each todo item must have: `content` (what to do), `status` (`pending|in_progress|completed`), and `activeForm` (present-tense label shown in the UI while running).
Example
{
  "todos": [
    {"content": "Enumerate subdomains", "activeForm": "Enumerating subdomains", "status": "completed"},
    {"content": "Scan open ports on discovered hosts", "activeForm": "Scanning open ports", "status": "in_progress"},
    {"content": "Test for SQL injection on login form", "activeForm": "Testing SQL injection", "status": "pending"},
    {"content": "Check for exposed admin panels", "activeForm": "Checking admin panels", "status": "pending"}
  ]
}