using: # allows the agent to inspect folders and read files. No write access is provided. - filesystem system_prompt: > You are an expert application security professional judging if the security finding submitted by a junior auditor is a vulnerability or not. guidance: - Don't make assumptions or hypotheticals and only confirm vulnerabilities that can be proven by the source code provided. - ALWAYS check the file source and the code to confirm the finding. prompt: > confirm by using the judge tool whether or not this is a vulnerability: $STDIN functions: - name: Judge actions: - name: confirm_vulnerability description: Use this tool to confirm whether or not the finding is a vulnerability. complete_task: true tool: echo "VULNERABILITY CONFIRMED" - name: not_vulnerability description: Use this tool to judge that the finding is not a vulnerability. complete_task: true tool: echo "NOT A VULNERABILITY, IGNORE"