refactor: deduplicate prompt templates with shared content system
Implemented @include() directive system to eliminate ~800 lines of duplicated content across 10 specialist prompt files. All prompt-related content now consolidated under prompts/ directory for better maintainability. Changes: - Added processIncludes() to prompt-manager.js for generic @include() support - Created prompts/shared/ with 5 reusable template files - Refactored all 10 specialist prompts to use @include() for common sections - Moved login_instructions.txt to prompts/shared/ (deleted login_resources/) - Updated CLAUDE.md to reflect new structure Impact: -137 net lines, zero breaking changes, infinitely scalable for future shared content. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
ajmallesh
@@ -0,0 +1,14 @@
|
||||
**MANDATORY EXPLOITATION CONSTRAINTS:**
|
||||
- ALL exploitation attempts MUST be performed against {{WEB_URL}} from external network
|
||||
- DO NOT attempt to exploit vulnerabilities that require:
|
||||
- Internal network access (Tailscale, VPN, etc.)
|
||||
- Direct server access
|
||||
- Database console access
|
||||
|
||||
**VERDICT CLASSIFICATIONS:**
|
||||
- EXPLOITED: Successfully demonstrated impact via public interface
|
||||
- BLOCKED_BY_SECURITY: Valid vulnerability but blocked by WAF/controls
|
||||
- OUT_OF_SCOPE_INTERNAL: Requires internal access - DO NOT PURSUE
|
||||
- FALSE_POSITIVE: Not actually vulnerable
|
||||
|
||||
Only EXPLOITED and BLOCKED_BY_SECURITY should be reported as findings.
|
||||
Reference in New Issue
Block a user