triage_cve
Aggregate vulnerability data from NVD, EPSS, CISA KEV, and exploit sources to compute a composite risk score for a given CVE, with optional SSVC decision at deep depth.
Instructions
One-call CVE triage orchestrator (v0.2.0).
Fans out the relevant upstream sources concurrently — NVD (with a transparent VulnCheck NVD++ fallback when NVD fails), EPSS, the CISA KEV catalog, and (for depth != "quick") public PoC/exploit discovery — then computes the composite risk score (KEV hard-override applies: a KEV-listed CVE is always CRITICAL with score >= 76). For depth == "deep" it additionally emits an SSVC v2 gated decision (Act / Attend / Track* / Track).
Args: cve_id: CVE identifier (e.g. CVE-2021-44228). depth: "quick" — NVD + EPSS + KEV (no PoC search; fastest), "standard" — adds PoC/exploit discovery (default), "deep" — adds an SSVC v2 qualitative decision.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| cve_id | Yes | ||
| depth | No | standard |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |