Audit Extractor
Extract findings from PDF security audit reports and convert them to a structured markdown checklist for tracking remediation.
Overview
This skill processes PDF audit reports (from firms like Certora, Sigma Prime, Cantina, etc.) and extracts:
- •Finding ID (e.g., C-01, H-01, M-01, L-01, I-01)
- •Title/Description
- •Severity (Critical, High, Medium, Low, Informational)
- •Status (Fixed, Partially fixed, Awaiting Fix, Acknowledged, Disregarded, Pending)
- •Impact and Likelihood (when available)
- •Detailed descriptions and recommendations
How to Extract Findings
Step 1: Read the PDF directly
Use the Read tool to read the PDF file. Claude can natively read and understand PDF documents:
Read the PDF file at: <pdf_path>
Step 2: Parse the audit content
After reading the PDF, manually extract findings by looking for:
- •
Summary/Findings Table - Usually contains:
- •Finding IDs (patterns like C-01, H-01, M-01, L-01, I-01)
- •Titles
- •Severity levels
- •Status
- •
Detailed Finding Sections - Usually organized by PR or category, containing:
- •Full descriptions
- •Code snippets
- •Exploit scenarios
- •Recommendations
- •Customer response / Fix review status
- •
Severity Information - Look for:
- •Impact (High, Medium, Low)
- •Likelihood (High, Medium, Low)
Step 3: Generate the markdown output
Create a markdown file with the following structure:
# Audit Findings: [Audit Name] **Auditor:** [Auditor Name] **Date:** [Date] **Status:** [Draft/Final] **Total findings:** [Count] ## Summary | Severity | Discovered | Confirmed | Fixed | |----------|------------|-----------|-------| | Critical | X | | | | High | X | | | | Medium | X | | | | Low | X | | | | Informational | X | | | | **Total** | **X** | | | ## Action Required (X items pending) - [ ] **M-01** (Medium): [Title] - [ ] **L-01** (Low): [Title] --- ## All Findings ### ([PR/Category Name]) #### [ID]. [Title] | Severity | Impact | Likelihood | Status | |----------|--------|------------|--------| | [Severity] | [Impact] | [Likelihood] | [Status] | **Files:** `[filename.sol]` **Description:** [Full description] **Recommendation:** [Recommendation text] ---
Step 4: Save the output
Use the Write tool to save the markdown file:
- •Save to
audits/[Audit-Name]-Findings.md
Output Format Guidelines
Severity Levels
- •Critical - Direct loss of funds or complete protocol compromise
- •High - Significant impact on protocol security or functionality
- •Medium - Moderate impact, potential for exploitation under certain conditions
- •Low - Minor issues, best practice violations
- •Informational - Code quality, gas optimizations, documentation
Status Values
- •Fixed - Issue has been resolved
- •Partially fixed - Issue has been partially addressed
- •Awaiting Fix - Issue acknowledged, fix pending
- •Acknowledged - Issue acknowledged, may not be fixed
- •Pending - Awaiting customer response
- •Disregarded - Issue will not be fixed (by design)
Checklist Rules
- •Use
[ ]for unresolved items (Pending, Awaiting Fix, Partially fixed) - •Use
[x]for resolved items (Fixed, Acknowledged, Disregarded)
Audit Files Location
Audit reports are typically stored in: audits/
Example Extraction
Given a PDF with findings like:
M-01 MigrateSlashers may assign incompatible slasher | Medium | Pending L-01 Instant slasher setting leaves stale field | Low | Pending I-01 getSlasher is implemented twice | Informational | Pending
Generate:
# Audit Findings: EigenLayer - Slashing UX Improvements **Auditor:** Certora **Date:** December 2025 **Total findings:** 3 ## Summary | Severity | Count | |----------|-------| | Medium | 1 | | Low | 1 | | Informational | 1 | ## Action Required (2 items) - [ ] **M-01** (Medium): MigrateSlashers may assign incompatible slasher - [ ] **L-01** (Low): Instant slasher setting leaves stale field ## All Findings ### Medium (1) #### M-01. MigrateSlashers may assign an incompatible slasher address | Severity | Impact | Likelihood | Status | |----------|--------|------------|--------| | Medium | High | Low | Pending | **Description:** [Full description from PDF] **Recommendation:** [Recommendation from PDF] --- ### Low (1) #### L-01. Instant slasher setting leaves stale slasher field in storage | Severity | Impact | Likelihood | Status | |----------|--------|------------|--------| | Low | Low | Low | Pending | **Description:** [Full description from PDF] **Recommendation:** [Recommendation from PDF] --- ### Informational (1) #### I-01. getSlasher is implemented twice | Severity | Status | |----------|--------| | Informational | Pending | **Description:** [Full description from PDF] **Recommendation:** [Recommendation from PDF]
Troubleshooting
PDF won't read
- •Ensure the file path is correct and the file exists
- •Check if the PDF is password protected (not supported)
Missing findings
- •Some PDFs have findings spread across multiple sections
- •Check the Table of Contents for finding locations
- •Look for "Detailed Findings" or similar sections
Inconsistent formatting
- •Different audit firms use different formats
- •Adapt the markdown structure to match the source format
- •Preserve all relevant information even if structure differs