# XOR Prompt Packs
Security / AppSec
Run these prompts as‑is in GitHub where the XOR App is installed. Examples are pre‑filled for Open Source Repos.
| Use case | Prompt | Link |
| --- | --- | --- |
| Supply‑chain hardening (GitHub Actions) | Context: apache/airflow@main vulnerable dependency path. Task: propose the minimal deep patch to remove exploitability without breaking APIs, run tests, and open a PR if green. Output: diff + rationale + file:line evidence.<br>`/plan harden gh-actions`<br>`/ask list risks → patch with pinned SHAs` | open on GitHub* |
| Autopatch a CVE | Context: {CVE}, target {branch}@{sha}. Task: Propose minimal patch that removes exploit without API break, run tests, open PR if green. Output: diff + rationale + file:line evidence.<br>`/plan fix {CVE} on {branch}`<br>`/ask propose patch + run tests` | open on GitHub* |
| Exploitability triage | Classify each finding as Reachable / Not‑reachable with data/control‑flow evidence. Output: Table prioritized by blast radius with file:line citations.<br>`/ask triage tool-findings for reachability; output CSV + priorities` | open on GitHub* |
| Third‑party dependency risk | Rank dependencies by known vulns, transitive impact, and upgrade friction. Output: Top 10 + recommended versions + ready‑to‑merge PRs that keep builds green.<br>`/ask rank deps by risk and propose top 3 upgrade PRs` | open on GitHub* |
| Secrets & tokens check | Scan recent commits for secrets, confirm revocation/rotation, then add a GitHub Actions guardrail to block future leaks. Output: checklist + CI patch.<br>`/ask recent secret risk + add CI secret-scan gate` | open on GitHub* |

*Opens XOR in GitHub with this prompt pre‑filled
© 2025 XOR. All rights reserved.
