---

name: security-report description: | Generate security assessment reports in docx format with findings, risk ratings, and remediation recommendations.

Use when: User asks for security audit report, vulnerability assessment document, penetration test report, or compliance gap analysis document. Keywords: security report, audit findings, vulnerability report, pentest report

Security Report Generator

Quick Start

Copyfrom docx import Document
from docx.shared import Pt, Inches, RGBColor
from docx.enum.text import WD_ALIGN_PARAGRAPH

doc = Document()
doc.add_heading('Security Assessment Report', 0)

Core Workflow

1. Create document with standard sections (see structure below)
2. Apply risk rating colors (Critical=red, High=orange, Medium=yellow, Low=green)
3. Generate findings table with severity sorting
4. Add remediation timeline
5. Save to /mnt/user-data/outputs/

Document Structure

Copy1. Executive Summary (1 page max)
2. Scope & Methodology
3. Risk Summary (table + chart)
4. Detailed Findings (sorted by severity)
   - Finding ID
   - Title
   - Severity + CVSS
   - Description
   - Evidence
   - Remediation
   - References
5. Remediation Roadmap
6. Appendices

Critical Gotchas

• Table borders: Must set each cell border explicitly, no table-level setting
• Color codes: Use RGBColor(r,g,b), not hex strings
• Page breaks: Add before major sections with doc.add_page_break()

Risk Rating Colors

CopyRISK_COLORS = {
    'Critical': RGBColor(192, 0, 0),    # Dark red
    'High': RGBColor(255, 102, 0),      # Orange  
    'Medium': RGBColor(255, 192, 0),    # Yellow
    'Low': RGBColor(0, 176, 80),        # Green
    'Info': RGBColor(91, 155, 213)      # Blue
}

Advanced Features

• EXECUTIVE_SUMMARY.md - C-level friendly language
• CVSS_CALCULATOR.md - Scoring methodology