{"id":"488e09b8-ed8e-4f25-bb8f-92b2f143897a","shortId":"KTRbjE","kind":"skill","title":"pentest-checklist","tagline":"Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities.","description":"> AUTHORIZED USE ONLY: Use this skill only for authorized security assessments, defensive validation, or controlled educational environments.\n\n# Pentest Checklist\n\n## Purpose\n\nProvide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities.\n\n## Inputs/Prerequisites\n\n- Clear business objectives for testing\n- Target environment information\n- Budget and timeline constraints\n- Stakeholder contacts and authorization\n- Legal agreements and scope documents\n\n## Outputs/Deliverables\n\n- Defined pentest scope and objectives\n- Prepared testing environment\n- Security monitoring data\n- Vulnerability findings report\n- Remediation plan and verification\n\n## Core Workflow\n\n### Phase 1: Scope Definition\n\n#### Define Objectives\n\n- [ ] **Clarify testing purpose** - Determine goals (find vulnerabilities, compliance, customer assurance)\n- [ ] **Validate pentest necessity** - Ensure penetration test is the right solution\n- [ ] **Align outcomes with objectives** - Define success criteria\n\n**Reference Questions:**\n- Why are you doing this pentest?\n- What specific outcomes do you expect?\n- What will you do with the findings?\n\n#### Know Your Test Types\n\n| Type | Purpose | Scope |\n|------|---------|-------|\n| External Pentest | Assess external attack surface | Public-facing systems |\n| Internal Pentest | Assess insider threat risk | Internal network |\n| Web Application | Find application vulnerabilities | Specific applications |\n| Social Engineering | Test human security | Employees, processes |\n| Red Team | Full adversary simulation | Entire organization |\n\n#### Enumerate Likely Threats\n\n- [ ] **Identify high-risk areas** - Where could damage occur?\n- [ ] **Assess data sensitivity** - What data could be compromised?\n- [ ] **Review legacy systems** - Old systems often have vulnerabilities\n- [ ] **Map critical assets** - Prioritize testing targets\n\n#### Define Scope\n\n- [ ] **List in-scope systems** - IPs, domains, applications\n- [ ] **Define out-of-scope items** - Systems to avoid\n- [ ] **Set testing boundaries** - What techniques are allowed?\n- [ ] **Document exclusions** - Third-party systems, production data\n\n#### Budget Planning\n\n| Factor | Consideration |\n|--------|---------------|\n| Asset Value | Higher value = higher investment |\n| Complexity | More systems = more time |\n| Depth Required | Thorough testing costs more |\n| Reputation Value | Brand-name firms cost more |\n\n**Budget Reality Check:**\n- Cheap pentests often produce poor results\n- Align budget with asset criticality\n- Consider ongoing vs. one-time testing\n\n### Phase 2: Environment Preparation\n\n#### Prepare Test Environment\n\n- [ ] **Production vs. staging decision** - Determine where to test\n- [ ] **Set testing limits** - No DoS on production\n- [ ] **Schedule testing window** - Minimize business impact\n- [ ] **Create test accounts** - Provide appropriate access levels\n\n**Environment Options:**\n```\nProduction  - Realistic but risky\nStaging     - Safer but may differ from production\nClone       - Ideal but resource-intensive\n```\n\n#### Run Preliminary Scans\n\n- [ ] **Execute vulnerability scanners** - Find known issues first\n- [ ] **Fix obvious vulnerabilities** - Don't waste pentest time\n- [ ] **Document existing issues** - Share with testers\n\n**Common Pre-Scan Tools:**\n```bash\n# Network vulnerability scan\nnmap -sV --script vuln TARGET\n\n# Web vulnerability scan\nnikto -h http://TARGET\n```\n\n#### Review Security Policy\n\n- [ ] **Verify compliance requirements** - GDPR, PCI-DSS, HIPAA\n- [ ] **Document data handling rules** - Sensitive data procedures\n- [ ] **Confirm legal authorization** - Get written permission\n\n#### Notify Hosting Provider\n\n- [ ] **Check provider policies** - What testing is allowed?\n- [ ] **Submit authorization requests** - AWS, Azure, GCP requirements\n- [ ] **Document approvals** - Keep records\n\n**Cloud Provider Policies:**\n- AWS: https://aws.amazon.com/security/penetration-testing/\n- Azure: https://docs.microsoft.com/security/pentest\n- GCP: https://cloud.google.com/security/overview\n\n#### Freeze Developments\n\n- [ ] **Stop deployments during testing** - Maintain consistent environment\n- [ ] **Document current versions** - Record system states\n- [ ] **Avoid critical patches** - Unless security emergency\n\n### Phase 3: Expertise Selection\n\n#### Find Qualified Pentesters\n\n- [ ] **Seek recommendations** - Ask trusted sources\n- [ ] **Verify credentials** - OSCP, GPEN, CEH, CREST\n- [ ] **Check references** - Talk to previous clients\n- [ ] **Match expertise to scope** - Web, network, mobile specialists\n\n**Evaluation Criteria:**\n\n| Factor | Questions to Ask |\n|--------|------------------|\n| Experience | Years in field, similar projects |\n| Methodology | OWASP, PTES, custom approach |\n| Reporting | Sample reports, detail level |\n| Communication | Availability, update frequency |\n\n#### Define Methodology\n\n- [ ] **Select testing standard** - PTES, OWASP, NIST\n- [ ] **Determine access level** - Black box, gray box, white box\n- [ ] **Agree on techniques** - Manual vs. automated testing\n- [ ] **Set communication schedule** - Updates and escalation\n\n**Testing Approaches:**\n\n| Type | Access Level | Simulates |\n|------|-------------|-----------|\n| Black Box | No information | External attacker |\n| Gray Box | Partial access | Insider with limited access |\n| White Box | Full access | Insider/detailed audit |\n\n#### Define Report Format\n\n- [ ] **Review sample reports** - Ensure quality meets needs\n- [ ] **Specify required sections** - Executive summary, technical details\n- [ ] **Request machine-readable output** - CSV, XML for tracking\n- [ ] **Agree on risk ratings** - CVSS, custom scale\n\n**Report Should Include:**\n- Executive summary for management\n- Technical findings with evidence\n- Risk ratings and prioritization\n- Remediation recommendations\n- Retesting guidance\n\n### Phase 4: Monitoring\n\n#### Implement Security Monitoring\n\n- [ ] **Deploy IDS/IPS** - Intrusion detection systems\n- [ ] **Enable logging** - Comprehensive audit trails\n- [ ] **Configure SIEM** - Centralized log analysis\n- [ ] **Set up alerting** - Real-time notifications\n\n**Monitoring Tools:**\n```bash\n# Check security logs\ntail -f /var/log/auth.log\ntail -f /var/log/apache2/access.log\n\n# Monitor network\ntcpdump -i eth0 -w capture.pcap\n```\n\n#### Configure Logging\n\n- [ ] **Centralize logs** - Aggregate from all systems\n- [ ] **Set retention periods** - Keep logs for analysis\n- [ ] **Enable detailed logging** - Application and system level\n- [ ] **Test log collection** - Verify all sources working\n\n**Key Logs to Monitor:**\n- Authentication events\n- Application errors\n- Network connections\n- File access\n- System changes\n\n#### Monitor Exception Tools\n\n- [ ] **Track error rates** - Unusual spikes indicate testing\n- [ ] **Brief operations team** - Distinguish testing from attacks\n- [ ] **Document baseline** - Normal vs. pentest activity\n\n#### Watch Security Tools\n\n- [ ] **Review IDS alerts** - Separate pentest from real attacks\n- [ ] **Monitor WAF logs** - Track blocked attempts\n- [ ] **Check endpoint protection** - Antivirus detections\n\n### Phase 5: Remediation\n\n#### Ensure Backups\n\n- [ ] **Verify backup integrity** - Test restoration\n- [ ] **Document recovery procedures** - Know how to restore\n- [ ] **Separate backup access** - Protect from testing\n\n#### Reserve Remediation Time\n\n- [ ] **Allocate team availability** - Post-pentest analysis\n- [ ] **Schedule fix implementation** - Address findings\n- [ ] **Plan verification testing** - Confirm fixes work\n\n#### Patch During Testing Policy\n\n- [ ] **Generally avoid patching** - Maintain consistent environment\n- [ ] **Exception for critical issues** - Security emergencies only\n- [ ] **Communicate changes** - Inform pentesters of any changes\n\n#### Cleanup Procedure\n\n- [ ] **Remove test artifacts** - Backdoors, scripts, files\n- [ ] **Delete test accounts** - Remove pentester access\n- [ ] **Restore configurations** - Return to original state\n- [ ] **Verify cleanup complete** - Audit all changes\n\n#### Schedule Next Pentest\n\n- [ ] **Determine frequency** - Annual, quarterly, after changes\n- [ ] **Consider continuous testing** - Bug bounty, ongoing assessments\n- [ ] **Budget for future tests** - Plan ahead\n\n**Testing Frequency Factors:**\n- Release frequency\n- Regulatory requirements\n- Risk tolerance\n- Past findings severity\n\n## Quick Reference\n\n### Pre-Pentest Checklist\n\n```\n□ Scope defined and documented\n□ Authorization obtained\n□ Environment prepared\n□ Hosting provider notified\n□ Team briefed\n□ Monitoring enabled\n□ Backups verified\n```\n\n### Post-Pentest Checklist\n\n```\n□ Report received and reviewed\n□ Findings prioritized\n□ Remediation assigned\n□ Fixes implemented\n□ Verification testing scheduled\n□ Environment cleaned up\n□ Next test scheduled\n```\n\n## Constraints\n\n- Production testing carries inherent risks\n- Budget limitations affect thoroughness\n- Time constraints may limit coverage\n- Tester expertise varies significantly\n- Findings become stale quickly\n\n## Examples\n\n### Example 1: Quick Scope Definition\n\n```markdown\n**Target:** Corporate web application (app.company.com)\n**Type:** Gray box web application pentest\n**Duration:** 5 business days\n**Excluded:** DoS testing, production database access\n**Access:** Standard user account provided\n```\n\n### Example 2: Monitoring Setup\n\n```bash\n# Enable comprehensive logging\nsudo systemctl restart rsyslog\nsudo systemctl restart auditd\n\n# Start packet capture\ntcpdump -i eth0 -w /tmp/pentest_capture.pcap &\n```\n\n## Troubleshooting\n\n| Issue | Solution |\n|-------|----------|\n| Scope creep | Document and require change approval |\n| Testing impacts production | Schedule off-hours, use staging |\n| Findings disputed | Provide detailed evidence, retest |\n| Remediation delayed | Prioritize by risk, set deadlines |\n| Budget exceeded | Define clear scope, fixed-price contracts |\n\n## When to Use\nThis skill is applicable to execute the workflow or actions described in the overview.","tags":["pentest","checklist","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows"],"capabilities":["skill","source-sickn33","skill-pentest-checklist","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/pentest-checklist","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34616 github stars · SKILL.md body (10,056 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-23T00:51:22.906Z","embedding":null,"createdAt":"2026-04-18T21:42:16.071Z","updatedAt":"2026-04-23T00:51:22.906Z","lastSeenAt":"2026-04-23T00:51:22.906Z","tsv":"'/security/overview':490 '/security/penetration-testing/':482 '/security/pentest':486 '/tmp/pentest_capture.pcap':1066 '/var/log/apache2/access.log':717 '/var/log/auth.log':714 '1':116,1012 '2':334,1044 '3':513 '4':679 '5':814,1029 'access':366,579,603,615,619,623,765,832,894,1037,1038 'account':363,891,1041 'action':1120 'activ':790 'address':849 'adversari':211 'affect':995 'aggreg':729 'agre':587,652 'agreement':90 'ahead':928 'alert':701,796 'align':141,321 'alloc':839 'allow':274,464 'analysi':698,739,845 'annual':912 'antivirus':811 'app.company.com':1021 'applic':195,197,200,258,743,760,1020,1026,1114 'approach':560,601 'appropri':365 'approv':473,1076 'area':222 'artifact':885 'ask':521,549 'assess':38,178,188,227,922 'asset':245,287,324 'assign':975 'assur':130 'attack':180,611,784,801 'attempt':807 'audit':625,692,904 'auditd':1058 'authent':758 'author':28,36,88,451,466,951 'autom':592 'avail':567,841 'avoid':267,506,862 'aw':468,479 'aws.amazon.com':481 'aws.amazon.com/security/penetration-testing/':480 'azur':469,483 'backdoor':886 'backup':817,819,831,962 'baselin':786 'bash':416,708,1047 'becom':1007 'black':581,606 'block':806 'boundari':270 'bounti':920 'box':582,584,586,607,613,621,1024 'brand':307 'brand-nam':306 'brief':778,959 'budget':81,283,312,322,923,993,1099 'bug':919 'busi':74,359,1030 'captur':1061 'capture.pcap':724 'carri':990 'ceh':528 'central':696,727 'chang':767,875,880,906,915,1075 'cheap':315 'check':314,458,530,709,808 'checklist':3,7,46,51,946,967 'clarifi':121 'clean':982 'cleanup':881,902 'clear':73,1102 'client':535 'clone':381 'cloud':476 'cloud.google.com':489 'cloud.google.com/security/overview':488 'collect':749 'common':411 'communic':566,595,874 'complet':903 'complex':293 'complianc':128,435 'comprehens':6,50,691,1049 'compromis':234 'configur':694,725,896 'confirm':449,854 'connect':763 'consid':326,916 'consider':286 'consist':498,865 'constraint':84,987,998 'contact':86 'continu':917 'contract':1107 'control':42 'core':113 'corpor':1018 'cost':302,310 'could':224,232 'coverag':1001 'creat':361 'credenti':525 'creep':1071 'crest':529 'criteria':147,545 'critic':244,325,507,869 'csv':648 'current':501 'custom':129,559,657 'cvss':656 'damag':225 'data':105,228,231,282,443,447 'databas':1036 'day':1031 'deadlin':1098 'decis':343 'defens':39 'defin':95,119,145,249,259,570,626,948,1101 'definit':118,1015 'delay':1093 'delet':889 'deploy':494,684 'depth':298 'describ':1121 'detail':564,642,741,1089 'detect':687,812 'determin':124,344,578,910 'develop':492 'differ':378 'discov':26,70 'disput':1087 'distinguish':781 'docs.microsoft.com':485 'docs.microsoft.com/security/pentest':484 'document':93,275,405,442,472,500,785,823,950,1072 'domain':257 'dos':352,1033 'dss':440 'durat':1028 'educ':43 'effect':23,67 'emerg':511,872 'employe':206 'enabl':689,740,961,1048 'endpoint':809 'engin':202 'ensur':17,61,134,632,816 'entir':213 'enumer':215 'environ':44,79,102,335,339,368,499,866,953,981 'error':761,772 'escal':599 'eth0':722,1064 'evalu':544 'event':759 'evid':669,1090 'exampl':1010,1011,1043 'exceed':1100 'except':769,867 'exclud':1032 'exclus':276 'execut':10,54,390,639,662,1116 'exist':406 'expect':161 'experi':550 'expertis':514,537,1003 'extern':176,179,610 'f':713,716 'face':184 'factor':285,546,931 'field':553 'file':764,888 'find':107,126,168,196,393,516,667,850,939,972,1006,1086 'firm':309 'first':396 'fix':397,847,855,976,1105 'fixed-pric':1104 'follow':12,56 'format':628 'freez':491 'frequenc':569,911,930,933 'full':210,622 'futur':925 'gcp':470,487 'gdpr':437 'general':861 'get':452 'goal':125 'gpen':527 'gray':583,612,1023 'guidanc':677 'h':429 'handl':444 'high':220 'high-risk':219 'higher':289,291 'hipaa':441 'host':456,955 'hour':1083 'human':204 'id':795 'ideal':382 'identifi':218 'ids/ips':685 'impact':360,1078 'implement':681,848,977 'in-scop':252 'includ':661 'indic':776 'inform':80,609,876 'inher':991 'inputs/prerequisites':72 'insid':189,616 'insider/detailed':624 'integr':820 'intens':386 'intern':186,192 'intrus':686 'invest':292 'ip':256 'issu':395,407,870,1068 'item':264 'keep':474,736 'key':754 'know':169,826 'known':394 'legaci':236 'legal':89,450 'level':367,565,580,604,746 'like':216 'limit':350,618,994,1000 'list':251 'log':690,697,711,726,728,737,742,748,755,804,1050 'machin':645 'machine-read':644 'maintain':497,864 'manag':665 'manual':590 'map':243 'markdown':1016 'match':536 'may':377,999 'meet':634 'methodolog':556,571 'minim':358 'mobil':542 'monitor':104,680,683,706,718,757,768,802,960,1045 'name':308 'necess':133 'need':635 'network':193,417,541,719,762 'next':908,984 'nikto':428 'nist':577 'nmap':420 'normal':787 'notif':705 'notifi':455,957 'object':75,99,120,144 'obtain':952 'obvious':398 'occur':226 'off-hour':1081 'often':240,317 'old':238 'one':330 'one-tim':329 'ongo':327,921 'oper':779 'option':369 'organ':214 'origin':899 'oscp':526 'out-of-scop':260 'outcom':142,158 'output':647 'outputs/deliverables':94 'overview':1124 'owasp':557,576 'packet':1060 'parti':279 'partial':614 'past':938 'patch':508,857,863 'pci':439 'pci-dss':438 'penetr':15,59,135 'pentest':2,45,96,132,155,177,187,316,403,518,789,798,844,877,893,909,945,966,1027 'pentest-checklist':1 'period':735 'permiss':454 'phase':115,333,512,678,813 'plan':9,53,110,284,851,927 'polici':433,460,478,860 'poor':319 'post':843,965 'post-pentest':842,964 'pre':413,944 'pre-pentest':943 'pre-scan':412 'preliminari':388 'prepar':19,63,100,336,337,954 'previous':534 'price':1106 'priorit':246,673,973,1094 'procedur':448,825,882 'process':207 'produc':318 'product':281,340,354,370,380,988,1035,1079 'project':555 'proper':20,64 'protect':810,833 'provid':4,48,364,457,459,477,956,1042,1088 'ptes':558,575 'public':183 'public-fac':182 'purpos':47,123,174 'qualifi':517 'qualiti':633 'quarter':913 'question':149,547 'quick':941,1009,1013 'rate':655,671,773 'readabl':646 'real':703,800 'real-tim':702 'realist':371 'realiti':313 'receiv':969 'recommend':520,675 'record':475,503 'recoveri':824 'red':208 'refer':148,531,942 'regulatori':934 'releas':932 'remedi':24,68,109,674,815,837,974,1092 'remov':883,892 'report':108,561,563,627,631,659,968 'reput':304 'request':467,643 'requir':299,436,471,637,935,1074 'reserv':836 'resourc':385 'resource-intens':384 'restart':1053,1057 'restor':822,829,895 'result':320 'retent':734 'retest':676,1091 'return':897 'review':235,431,629,794,971 'right':139 'risk':191,221,654,670,936,992,1096 'riski':373 'rsyslog':1054 'rule':445 'run':387 'safer':375 'sampl':562,630 'scale':658 'scan':389,414,419,427 'scanner':392 'schedul':355,596,846,907,980,986,1080 'scope':21,65,92,97,117,175,250,254,263,539,947,1014,1070,1103 'script':422,887 'section':638 'secur':37,103,205,432,510,682,710,792,871 'seek':519 'select':515,572 'sensit':229,446 'separ':797,830 'set':268,348,594,699,733,1097 'setup':1046 'sever':940 'share':408 'siem':695 'signific':1005 'similar':554 'simul':212,605 'skill':33,1112 'skill-pentest-checklist' 'social':201 'solut':140,1069 'sourc':523,752 'source-sickn33' 'specialist':543 'specif':157,199 'specifi':636 'spike':775 'stage':342,374,1085 'stakehold':85 'stale':1008 'standard':574,1039 'start':1059 'state':505,900 'stop':493 'submit':465 'success':146 'sudo':1051,1055 'summari':640,663 'surfac':181 'sv':421 'system':185,237,239,255,265,280,295,504,688,732,745,766 'systemctl':1052,1056 'tail':712,715 'talk':532 'target':78,248,424,430,1017 'tcpdump':720,1062 'team':209,780,840,958 'technic':641,666 'techniqu':272,589 'test':16,60,77,101,122,136,171,203,247,269,301,332,338,347,349,356,362,462,496,573,593,600,747,777,782,821,835,853,859,884,890,918,926,929,979,985,989,1034,1077 'tester':410,1002 'third':278 'third-parti':277 'thorough':18,62,300,996 'threat':190,217 'time':297,331,404,704,838,997 'timelin':83 'toler':937 'tool':415,707,770,793 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'track':651,771,805 'trail':693 'troubleshoot':1067 'trust':522 'type':172,173,602,1022 'unless':509 'unusu':774 'updat':568,597 'use':29,31,1084,1110 'user':1040 'valid':40,131 'valu':288,290,305 'vari':1004 'verif':112,852,978 'verifi':434,524,750,818,901,963 'version':502 'vs':328,341,591,788 'vuln':423 'vulner':27,71,106,127,198,242,391,399,418,426 'w':723,1065 'waf':803 'wast':402 'watch':791 'web':194,425,540,1019,1025 'white':585,620 'window':357 'work':753,856 'workflow':114,1118 'written':453 'xml':649 'year':551","prices":[{"id":"b1d304f9-ff45-4f9e-94f6-478e51fb4a9b","listingId":"488e09b8-ed8e-4f25-bb8f-92b2f143897a","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:42:16.071Z"}],"sources":[{"listingId":"488e09b8-ed8e-4f25-bb8f-92b2f143897a","source":"github","sourceId":"sickn33/antigravity-awesome-skills/pentest-checklist","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/pentest-checklist","isPrimary":false,"firstSeenAt":"2026-04-18T21:42:16.071Z","lastSeenAt":"2026-04-23T00:51:22.906Z"}],"details":{"listingId":"488e09b8-ed8e-4f25-bb8f-92b2f143897a","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"pentest-checklist","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34616,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-22T06:40:00Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"56857058f5ac1a0bdde0b9c8cfa0f457523d641f","skill_md_path":"skills/pentest-checklist/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/pentest-checklist"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"pentest-checklist","description":"Provide a comprehensive checklist for planning, executing, and following up on penetration tests. Ensure thorough preparation, proper scoping, and effective remediation of discovered vulnerabilities."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/pentest-checklist"},"updatedAt":"2026-04-23T00:51:22.906Z"}}