audit-extractor

audit-extractor follows the SKILL.md standard. Use the install command to add it to your agent stack.

---
name: audit-extractor
description: Extract findings from PDF audit reports and convert them to a markdown checklist. Use when the user asks to process an audit report, extract audit findings, or create an audit action items list. (project)
allowed-tools: Read, Write
---

# Audit Extractor

Extract findings from PDF security audit reports and convert them to a structured markdown checklist for tracking remediation.

## Overview

This skill processes PDF audit reports (from firms like Certora, Sigma Prime, Cantina, etc.) and extracts:
- Finding ID (e.g., C-01, H-01, M-01, L-01, I-01)
- Title/Description
- Severity (Critical, High, Medium, Low, Informational)
- Status (Fixed, Partially fixed, Awaiting Fix, Acknowledged, Disregarded, Pending)
- Impact and Likelihood (when available)
- Detailed descriptions and recommendations

## How to Extract Findings

### Step 1: Read the PDF directly

Use the Read tool to read the PDF file. Claude can natively read and understand PDF documents:

```
Read the PDF file at: <pdf_path>
```

### Step 2: Parse the audit content

After reading the PDF, manually extract findings by looking for:

1. **Summary/Findings Table** - Usually contains:
   - Finding IDs (patterns like C-01, H-01, M-01, L-01, I-01)
   - Titles
   - Severity levels
   - Status

2. **Detailed Finding Sections** - Usually organized by PR or category, containing:
   - Full descriptions
   - Code snippets
   - Exploit scenarios
   - Recommendations
   - Customer response / Fix review status

3. **Severity Information** - Look for:
   - Impact (High, Medium, Low)
   - Likelihood (High, Medium, Low)

### Step 3: Generate the markdown output

Create a markdown file with the following structure:

```markdown
# Audit Findings: [Audit Name]

**Auditor:** [Auditor Name]
**Date:** [Date]
**Status:** [Draft/Final]
**Total findings:** [Count]

## Summary

| Severity | Discovered | Confirmed | Fixed |
|----------|------------|-----------|-------|
| Critical | X | | |
| High | X | | |
| Medium | X | | |
| Low | X | | |
| Informational | X | | |
| **Total** | **X** | | |

## Action Required (X items pending)

- [ ] **M-01** (Medium): [Title]
- [ ] **L-01** (Low): [Title]

---

## All Findings

### ([PR/Category Name])

#### [ID]. [Title]
| Severity | Impact | Likelihood | Status |
|----------|--------|------------|--------|
| [Severity] | [Impact] | [Likelihood] | [Status] |

**Files:** `[filename.sol]`

**Description:** [Full description]

**Recommendation:** [Recommendation text]

---
```

### Step 4: Save the output

Use the Write tool to save the markdown file:
- Save to `audits/[Audit-Name]-Findings.md`

## Output Format Guidelines

### Severity Levels
- **Critical** - Direct loss of funds or complete protocol compromise
- **High** - Significant impact on protocol security or functionality
- **Medium** - Moderate impact, potential for exploitation under certain conditions
- **Low** - Minor issues, best practice violations
- **Informational** - Code quality, gas optimizations, documentation

### Status Values
- **Fixed** - Issue has been resolved
- **Partially fixed** - Issue has been partially addressed
- **Awaiting Fix** - Issue acknowledged, fix pending
- **Acknowledged** - Issue acknowledged, may not be fixed
- **Pending** - Awaiting customer response
- **Disregarded** - Issue will not be fixed (by design)

### Checklist Rules
- Use `[ ]` for unresolved items (Pending, Awaiting Fix, Partially fixed)
- Use `[x]` for resolved items (Fixed, Acknowledged, Disregarded)

## Audit Files Location

Audit reports are typically stored in: `audits/`

## Example Extraction

Given a PDF with findings like:

```
M-01 MigrateSlashers may assign incompatible slasher | Medium | Pending
L-01 Instant slasher setting leaves stale field | Low | Pending
I-01 getSlasher is implemented twice | Informational | Pending
```

Generate:

```markdown
# Audit Findings: EigenLayer - Slashing UX Improvements

**Auditor:** Certora
**Date:** December 2025
**Total findings:** 3

## Summary

| Severity | Count |
|----------|-------|
| Medium | 1 |
| Low | 1 |
| Informational | 1 |

## Action Required (2 items)

- [ ] **M-01** (Medium): MigrateSlashers may assign incompatible slasher
- [ ] **L-01** (Low): Instant slasher setting leaves stale field

## All Findings

### Medium (1)

#### M-01. MigrateSlashers may assign an incompatible slasher address
| Severity | Impact | Likelihood | Status |
|----------|--------|------------|--------|
| Medium | High | Low | Pending |

**Description:** [Full description from PDF]

**Recommendation:** [Recommendation from PDF]

---

### Low (1)

#### L-01. Instant slasher setting leaves stale slasher field in storage
| Severity | Impact | Likelihood | Status |
|----------|--------|------------|--------|
| Low | Low | Low | Pending |

**Description:** [Full description from PDF]

**Recommendation:** [Recommendation from PDF]

---

### Informational (1)

#### I-01. getSlasher is implemented twice
| Severity | Status |
|----------|--------|
| Informational | Pending |

**Description:** [Full description from PDF]

**Recommendation:** [Recommendation from PDF]
```

## Troubleshooting

### PDF won't read
- Ensure the file path is correct and the file exists
- Check if the PDF is password protected (not supported)

### Missing findings
- Some PDFs have findings spread across multiple sections
- Check the Table of Contents for finding locations
- Look for "Detailed Findings" or similar sections

### Inconsistent formatting
- Different audit firms use different formats
- Adapt the markdown structure to match the source format
- Preserve all relevant information even if structure differs