
Task Registration

When you need to create a task for another phase to investigate, delegate to the register-task subagent. The subagent validates quality (description, done_definition, service linkage), checks for duplicates, and creates the task with proper queueing.

P2, P4, and P5 tasks are auto-created by other tools; the register-task subagent handles P3, P6, P7, and P8.

Phase-Specific Quality Standards

P3 — Flow Analysis

  • Description must name the specific flow (e.g., "password reset flow", "checkout flow")
  • Must list known steps in the flow
  • Must explain what business logic to analyze
  • Done definition: specific flows documented with attack questions identified

P6 — Validation

  • Description must reference the P5 finding being validated
  • Must include reproduction context (what was found, how)
  • Must specify what exactly to validate
  • Done definition: finding independently reproduced or refuted with evidence

P7 — Vulnerability Chaining

  • Description must list the specific findings to chain
  • Must explain the proposed attack path
  • Must describe the combined impact
  • Done definition: chain tested, combined impact documented

P8 — Deep Exploitation

  • Description must reference the confirmed finding
  • Must explain what further exploitation to attempt
  • Must describe potential escalation (e.g., version fingerprinting → CVE search)
  • Done definition: exploitation avenues tested, additional findings documented

Quality Standards

Title (1-80 chars): follows the pattern "P{phase}: {action} on {target}"

  • GOOD: "P3: Analyze password reset flow on auth-service"
  • BAD: "Investigate the flow" / title same as description

Description (≥50 chars): must include the target context, what to investigate, and any relevant prior findings

  • GOOD: "Analyze the password reset flow on auth-service (service_id=5). Flow steps: request reset → email with token → click link → set new password. Check for: token predictability, token reuse, rate limiting on reset requests, account enumeration via error messages."
  • BAD: "Look at password reset"

Done Definition (≥20 chars): Specific, measurable completion criteria

  • GOOD: "All flow steps documented, 5+ attack questions identified with P5 tasks, token analysis completed"
  • BAD: "Task completed" / "Done"

How to Delegate

P3 Flow Analysis

Agent("register-task", "P3 flow analysis needed. Phase: 3. Service: auth-service (service_id=5).
Flow: Password reset flow. Known steps: request reset via email → receive token link → click to reset → enter new password.
Analyze for: token predictability, rate limiting, account enumeration, token reuse after password change.")

P6 Validation

Agent("register-task", "P6 validation needed. Phase: 6. Service: api-service (service_id=3).
Validate P5 finding: confirmed SQL injection on POST /api/search sort_by parameter.
Reproduction: send time-based payload 'sort_by=1;WAITFOR DELAY 00:00:05--' with auth Bearer token.
Need independent reproduction with fresh session.")

P7 Chaining

Agent("register-task", "P7 chaining needed. Phase: 7. Services: service_id=3, service_id=5.
Chain findings: SSRF on endpoint 42 (finding #12) + unauthenticated internal API (finding #15).
Attack path: external SSRF reaches internal admin API which has no auth.
Combined impact: admin access via external request.")

P8 Deep Exploitation

Agent("register-task", "P8 exploitation needed. Phase: 8. Service: api-service (service_id=3).
Exploit confirmed SQL injection (finding #22) further. The injection is on PostgreSQL 15.4.
Attempt: pg_read_file for config extraction, version fingerprinting for CVE-2024-* search,
potential RCE via COPY TO/FROM PROGRAM.")

Rules

  • To create tasks, always delegate to the register-task subagent
  • P2/P4/P5 tasks are auto-created by other tools — do not try to create them here
  • Each task must be linked to at least one service via service_ids
  • Wait for the subagent to complete before continuing
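The quality standards and rules above describe what the register-task subagent validates before queueing a task. The following is an added example in Python, not the project's own code: a validator that applies those checks (title pattern and length, description and done_definition minimums, the registerable phases, service linkage, and a duplicate check). The title regex, the title-based duplicate check, and the TaskRequest fields are assumptions about how such a validator might be structured, not the tool's actual API.

```python
import re
from dataclasses import dataclass, field

# Phases the register-task subagent may create; P2/P4/P5 are auto-created elsewhere.
REGISTERABLE_PHASES = {3, 6, 7, 8}
# Title pattern from the quality standards: "P{phase}: {action} on {target}" (assumed regex).
TITLE_RE = re.compile(r"^P(?P<phase>\d+): (?P<action>.+?) on (?P<target>.+)$")


@dataclass
class TaskRequest:  # assumed field layout, not the tool's real schema
    phase: int
    title: str
    description: str
    done_definition: str
    service_ids: list = field(default_factory=list)


def validate_task(req: TaskRequest, existing_titles=()) -> list:
    """Return the quality problems found; an empty list means the task may be queued."""
    problems = []
    if req.phase not in REGISTERABLE_PHASES:
        problems.append(f"P{req.phase} tasks are auto-created by other tools")
    if not 1 <= len(req.title) <= 80:
        problems.append("title must be 1-80 chars")
    m = TITLE_RE.match(req.title)
    if m is None:
        problems.append('title must follow "P{phase}: {action} on {target}"')
    elif int(m.group("phase")) != req.phase:
        problems.append("title phase does not match the task phase")
    if req.title.strip() == req.description.strip():
        problems.append("title must not repeat the description")
    if len(req.description) < 50:
        problems.append("description must be at least 50 chars")
    if len(req.done_definition) < 20 or req.done_definition.strip().lower() in {"done", "task completed"}:
        problems.append("done_definition must be specific and at least 20 chars")
    if not req.service_ids:
        problems.append("task must link at least one service via service_ids")
    # Simplified duplicate check (assumption): same title, case-insensitive, already registered.
    if req.title.strip().lower() in {t.strip().lower() for t in existing_titles}:
        problems.append("duplicate of an existing task")
    return problems


# Constructed sample requests mirroring the GOOD/BAD examples in the quality standards.
GOOD_P3 = TaskRequest(3, "P3: Analyze password reset flow on auth-service",
                      "Analyze the password reset flow on auth-service (service_id=5). Flow steps: request "
                      "reset -> email with token -> click link -> set new password. Check for: token "
                      "predictability, token reuse, rate limiting on reset requests.",
                      "All flow steps documented, 5+ attack questions identified with P5 tasks", [5])
BAD_P5 = TaskRequest(5, "Investigate the flow", "Look at password reset", "Done")
```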