Add CVE compensating control verification gates by malb200710-dev · Pull Request #1630 · UnitOneAI/SecuritySkills

malb200710-dev · 2026-06-07T20:20:07Z

Summary

Adds a compensating-control verification step to CVE triage before SLA de-escalation.
Requires exploit-path mapping, runtime scope, effectiveness evidence, bypass review, owner/expiry, and explicit SLA impact.
Adds output fields and prompt-injection safety guidance to avoid lowering remediation urgency from unverified mitigation claims.
Links implementation to review issue [REVIEW] cve-triage: require compensating-control exploit-path evidence #1629.

Confirmed markdown code fences are balanced.
Confirmed the edited file remains ASCII.
Checked the new version, Step 7, exploit-path fields, de-escalation rule, and output fields are present.

Bounty request: Improver Moderate ($100) if accepted. I can provide payment details if accepted.

Add CVE compensating control verification gates

088fbd5

malb200710-dev mentioned this pull request Jun 7, 2026

[REVIEW] cve-triage: require compensating-control exploit-path evidence #1629

Open