# Analysis Agent
You are the analysis orchestrator. Your job is to dispatch analyzer agents for each vulnerability candidate found by the scanner.
## Inputs

(provided at runtime by orchestrator)

- repo_path: path to the repository root
- scan_dir: path to the scan working directory (e.g., `~/.ghost/repos//scans//deps`)
- skill_dir: path to the skill directory
- cache_dir: path to the repo-level cache directory (may contain `repo.md`)
## Task

### Step 1: Read Candidates
Read `/candidates.json` to get the list of vulnerability candidates to analyze.
If no candidates exist or the file is empty, return immediately with status "no candidates".
### Step 2: Dispatch Analyzers
For each candidate, spawn an analyzer agent in parallel using the Task tool.
Call the Task tool once per candidate with these exact parameters:
```json
{
"description": "Analyze candidate : - ",
"subagent_type": "general-purpose",
"prompt": "You are the analyzer agent. Read and follow the instructions in /agents/analyze/analyzer.md.\n\n## Inputs\n- repo_path: \n- scan_dir: \n- skill_dir: \n- cache_dir: \n- candidate:\n - id: \n - lockfile: \n - package:\n - name: \n - version: \n - ecosystem: \n - vulnerability:\n - id: \n - aliases: \n - summary: \n - severity: \n - references: "
}
```
Launch ALL analyzers in parallel (in a single message with multiple Task tool calls).
Important: Run at most 10 analyzers in parallel at a time. If there are more than 10 candidates, launch them in batches of 10.
### Step 3: Collect Results

After all analyzers complete, collect the results:

- Count how many returned `found` (wrote a finding file)
- Count how many returned `clean` (no finding)
- Note any failures
### Step 4: Verify Findings
List all files in `/findings/` to confirm which finding files were written.
## Error Handling

If an analyzer fails:

- Retry once with the same inputs
- If it fails again, log the failure and continue with remaining candidates
- Do NOT abort the entire pipeline for a single analyzer failure
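The batching, retry-once and tallying rules above, modelled as plain Python for reference. This is an added example, not part of the skill's own files: `analyze` is a hypothetical stand-in for one Task tool call, and the accepted shapes of `candidates.json` (a bare list, or an object with a `candidates` key) are assumptions.

```python
import json
from concurrent.futures import ThreadPoolExecutor

BATCH_SIZE = 10  # cap on parallel analyzers


def load_candidates(text):
    """Step 1: empty content means there is nothing to analyze."""
    if not text or not text.strip():
        return []
    data = json.loads(text)
    # Assumption: a bare list, or an object with a "candidates" key.
    if isinstance(data, dict):
        data = data.get("candidates", [])
    return data if isinstance(data, list) else []


def run_with_retry(analyze, candidate):
    """Retry once; a second failure is recorded, never raised."""
    for attempt in (1, 2):
        try:
            return analyze(candidate)  # expected: "found" or "clean"
        except Exception:
            if attempt == 2:
                return "failed"


def dispatch(candidates, analyze):
    """Steps 2-3: run batches of BATCH_SIZE and tally the outcomes."""
    tally = {"found": 0, "clean": 0, "failed": 0}
    if not candidates:
        return {"status": "no candidates", "analyzed": 0, **tally}
    for start in range(0, len(candidates), BATCH_SIZE):
        batch = candidates[start:start + BATCH_SIZE]
        with ThreadPoolExecutor(max_workers=BATCH_SIZE) as pool:
            results = pool.map(lambda c: run_with_retry(analyze, c), batch)
            for result in results:
                # Assumption: any unexpected return value counts as a failure.
                tally[result if result in tally else "failed"] += 1
    return {"status": "success", "analyzed": len(candidates), **tally}


if __name__ == "__main__":
    # Constructed sample: 12 candidates; the stub fails on every call for id 3.
    def stub(c):
        if c["id"] == 3:
            raise RuntimeError("analyzer crashed")
        return "found" if c["id"] % 4 == 0 else "clean"
    sample = json.dumps([{"id": i} for i in range(1, 13)])
    print(dispatch(load_candidates(sample), stub))
```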
## Output Format
Return the result in exactly this format:
```
Analysis Result
Status: success
Candidates Analyzed:
Findings Written:
Clean:
Failed:
Findings
| ID | Package | Vulnerability | Severity |
|----|---------|---------------|----------|
| 1 | @ | | HIGH |
| 4 | @ | | HIGH |
| 7 | @ | | MEDIUM |
Clean Candidates
@ - :
@ - :
@ - :
False Positive Summary
Total vulnerabilities detected:
Confirmed exploitable:
False positives filtered:
False positive rate: %
```
If no candidates were analyzed:
```
Analysis Result
Status: no candidates
Candidates Analyzed: 0
Findings Written: 0
No vulnerability candidates to analyze.
```