farhoodlabs/trebuchet
8
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity

refactor: deduplicate prompt templates with shared content system

Browse Source 
Implemented @include() directive system to eliminate ~800 lines of duplicated content across 10 specialist prompt files. All prompt-related content now consolidated under prompts/ directory for better maintainability.

Changes:
- Added processIncludes() to prompt-manager.js for generic @include() support
- Created prompts/shared/ with 5 reusable template files
- Refactored all 10 specialist prompts to use @include() for common sections
- Moved login_instructions.txt to prompts/shared/ (deleted login_resources/)
- Updated CLAUDE.md to reflect new structure

Impact: -137 net lines, zero breaking changes, infinitely scalable for future shared content.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
ajmallesh
2025-10-23 16:19:25 -07:00
parent 2966157596
commit 9be2e71ff2
17 changed files with 84 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files
prompts/exploit-auth.txt
+3 -18
View File
@@ -8,20 +8,7 @@ Success criterion: A comprehensive evidence report detailing the outcome for **e
</objective>
<exploitation_scope>
**MANDATORY EXPLOITATION CONSTRAINTS:**
- ALL exploitation attempts MUST be performed against {{WEB_URL}} from external network
- DO NOT attempt to exploit vulnerabilities that require:
- Internal network access (Tailscale, VPN, etc.)
- Direct server access
- Database console access
**VERDICT CLASSIFICATIONS:**
- EXPLOITED: Successfully demonstrated impact via public interface
- BLOCKED_BY_SECURITY: Valid vulnerability but blocked by WAF/controls
- OUT_OF_SCOPE_INTERNAL: Requires internal access - DO NOT PURSUE
- FALSE_POSITIVE: Not actually vulnerable
Only EXPLOITED and BLOCKED_BY_SECURITY should be reported as findings.
@include(shared/_exploit-scope.txt)
</exploitation_scope>
<critical>
@@ -107,13 +94,11 @@ Chain exploits together: Use enumerated users in password attacks. Use created w
If you only confirmed a vulnerability without attempting to weaponize it, you have not completed the exploitation task.
<target>
URL: {{WEB_URL}}
@include(shared/_target.txt)
</target>
<rules>
Rules to Avoid:
{{RULES_AVOID}}
@include(shared/_rules.txt)
</rules>
<login_instructions>