comprehensive-python-sink-research-workflowlisted

Master skill documenting the complete workflow for exhaustive security sink research, from parallel agent spawning through structured citation and source archival. Covers the full lifecycle: research → synthesis → formatting → validation → archival. Use as reference for any "most complete" security analysis project.
Lu1sDV/skillsmd · ★ 1 · AI & Automation · score 62

Install: claude install-skill Lu1sDV/skillsmd

# Comprehensive Python Sink Research Workflow > **Session**: 2026-04-29 > **Scope**: Build the most complete Python security sinks catalog with structured > JSON citations and full source archival. > **Output**: 95 niche findings, 3,705-line catalog, 91 archived sources, 5 reusable skills. --- ## Phase 0: User Intent & Constraints **Original Request**: "I'm interested in niche ignored sinks (class confusions, prototypes, race-conditions in python). Spawn 10 parallel research subagents that learn tricks from non-obvious writeups & CTF caveats. Ignore well-understood bugs. Leave 4 subagents full research autonomy." **Subsequent Requests**: - Resume/restart research (multiple rounds) - Write findings to `vuln-research/references/sinks/python.md` - Navigate entire resources when found - Create agnostic skill from prompts - JSON citations on every finding - Long-horizon task with todo tracking - Save source of findings (per citation) - Create skill per message/instruction **Hard Constraints**: - Every finding MUST have JSON citation with source URL - Focus on niche/ignored, not well-known (SQLi, XSS, RCE basics excluded) - Full resource navigation (no summaries) - Parallel research only (no sequential agent spawning) --- ## Phase 1: Parallel Research Swarm (2 Rounds) ### Round 1: Initial Discovery (10 Librarian Agents) | Agent | Lane | Focus | |-------|------|-------| | A1 | Class Confusion | `__class__.__init__.__globals__`, metaclass abuse, MRO manipulation | | A2 | Pr