# Custom Templates

Create your own AI prompt templates for specialized testing scenarios.
## Overview
While VISTA includes 12 expert built-in templates, you can create custom templates for:
- Specialized vulnerability types not covered by built-in templates
- Client-specific testing with custom methodology requirements
- Team standardization — share consistent testing approaches
- Technology-specific analysis (e.g., GraphQL-specific, gRPC, WebSocket)
## Creating a Custom Template

### Using the UI

- Go to the Prompt Templates tab
- Click “New Template”
- Fill in the template fields:

| Field | Required | Description |
|---|---|---|
| Name | ✅ | Template display name |
| Category | ✅ | Grouping category (e.g., “Exploitation”, “Analysis”) |
| Description | ✅ | Brief description of what the template does |
| System Prompt | ✅ | The AI’s role and expertise (see below) |
| User Prompt | ✅ | The analysis request with variables (see below) |
| Mode | ✅ | Standard or Expert |
| Tags | Optional | Searchable tags for filtering |
| Model Override | Optional | Use a specific AI model for this template |
| Temperature Override | Optional | Custom temperature (0.0–1.0) |
| Max Tokens Override | Optional | Custom response length limit |
- Click “Save”

## Writing Effective Prompts

### System Prompt (AI’s Role)

The system prompt defines the AI’s expertise and methodology. A good system prompt includes:

```text
You are an ELITE [vulnerability type] expert with deep knowledge from
[sources: PortSwigger, OWASP, real-world bounties].
CORE EXPERTISE:
- [Technique 1]
- [Technique 2]
- [Technique 3]
METHODOLOGY:
1. [Step 1 — what to check first]
2. [Step 2 — how to test]
3. [Step 3 — how to bypass filters]
4. [Step 4 — how to escalate]
REAL-WORLD: [Context about bounty values and impact]
```

Be specific and comprehensive in the system prompt. The more expert knowledge you provide, the better the AI’s analysis will be.

### User Prompt (Analysis Request)

The user prompt is where you use variables and define the output format:

```text
Analyze this HTTP request/response for [vulnerability type].
RAW REQUEST:
RAW RESPONSE:
PARAMS:
WAF:
USER QUESTION:
PROVIDE:
1. [Analysis section 1]
2. [Analysis section 2]
3. [Testing payloads]
4. [Impact assessment]
```

## Available Variables

Use these variables in your user prompt — they are automatically populated from the HTTP request context:

### Request Variables

| Variable | Content |
|---|---|
| `` | Full raw HTTP request |
| `` | Full raw HTTP response |
| `` | Request URL |
| `` | HTTP method |
| `` | Request headers |
| `` | Request body |
| `` | All parameters with values |
| `` | Cookie values |

### Analysis Variables

| Variable | Content |
|---|---|
| `` | Detected endpoint type |
| `` | Detected WAF information |
| `` | Calculated risk score |
| `` | Deep request pattern analysis |
| `` | Deep response analysis |
| `` | Input reflection tracking |
| `` | Error messages in response |
| `` | Detected sensitive data |
| `` | Detected technologies |

### User Context

| Variable | Content |
|---|---|
| `` | User’s question text |
| `` | Previous conversation context |

## Template Examples

### WebSocket Security Template

```yaml
Name: WebSocket Security Expert
Category: Exploitation
Mode: Expert
System Prompt: |
You are an expert in WebSocket security testing.
EXPERTISE:
- Cross-Site WebSocket Hijacking (CSWSH)
- WebSocket message injection
- Origin validation bypass
- Message format manipulation
METHODOLOGY:
1. Check Origin header validation
2. Test for CSWSH (missing CSRF protection on handshake)
3. Inject payloads in WebSocket messages
4. Test for authorization on message types
User Prompt: |
Analyze this WebSocket connection for vulnerabilities.
REQUEST:
RESPONSE:
PROVIDE:
1. Handshake analysis (Origin, Sec-WebSocket-Key)
2. CSWSH testing approach
3. Message injection payloads
4. Authorization bypass tests
```

### GraphQL-Specific Template

```yaml
Name: GraphQL Security Expert
Category: Exploitation
Mode: Expert
System Prompt: |
You are a GraphQL security expert.
EXPERTISE:
- Introspection exploitation
- Query batching attacks
- Nested query DoS (query depth)
- Authorization bypass via field-level access control
- Injection through GraphQL variables
User Prompt: |
Analyze this GraphQL request for vulnerabilities.
REQUEST:
RESPONSE:
DEEP ANALYSIS:
PROVIDE:
1. Introspection query results
2. Query batching test
3. Depth/complexity abuse payloads
4. Field-level authorization tests
```

## Import & Export

### Exporting Templates

Share your custom templates with teammates:
- Select a template in the Prompt Templates tab
- Click “Export”
- Template is saved as a JSON file

### Importing Templates

- Click “Import” in the Prompt Templates tab
- Select a template JSON file
- Template is added to your custom templates

### Template File Format

Templates are stored as JSON in `~/.vista/prompts/custom/`:

```json
{
"id": "custom-websocket-expert",
"name": "WebSocket Security Expert",
"category": "Exploitation",
"author": "your-name",
"description": "WebSocket security testing template",
"systemPrompt": "You are a WebSocket security expert...",
"userPrompt": "Analyze this WebSocket connection...",
"isBuiltIn": false,
"isActive": true,
"mode": "EXPERT",
"tags": ["websocket", "expert"],
"modelOverride": null,
"temperatureOverride": null,
"maxTokensOverride": null
}
```
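Because imported template files come from teammates rather than from the UI’s form validation, it is worth checking a JSON file against the field table above (required fields, the Standard/Expert mode, the 0.0–1.0 temperature range) before dropping it into the custom templates directory. The following is an added example written for this page, not VISTA’s own code. It assumes the stored mode values are the upper-cased `STANDARD` and `EXPERT` (the page only shows `EXPERT`), that ids are lowercase slugs like `custom-websocket-expert`, and that each template is stored as `<id>.json`; the sample templates it checks are constructed from the WebSocket example above.

```python
"""Validate and import a VISTA custom template JSON file (added example, not VISTA code)."""
import json
import re
from pathlib import Path

# Required fields from the "Creating a Custom Template" table, as JSON keys.
REQUIRED_KEYS = ("name", "category", "description", "systemPrompt", "userPrompt", "mode")
# Assumption: the UI's "Standard"/"Expert" choice is stored upper-cased ("EXPERT" in the sample file).
VALID_MODES = {"STANDARD", "EXPERT"}
# Assumption: ids follow the "custom-websocket-expert" slug style shown on the page.
ID_PATTERN = re.compile(r"^[a-z0-9][a-z0-9-]*$")


def validate_template(tpl) -> list:
    """Return a list of problems; an empty list means the template is acceptable."""
    if not isinstance(tpl, dict):
        return ["template must be a JSON object"]
    problems = []
    for key in REQUIRED_KEYS:
        value = tpl.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty required field: {key}")
    tpl_id = tpl.get("id")
    if not isinstance(tpl_id, str) or not ID_PATTERN.match(tpl_id):
        problems.append("id must be a lowercase slug such as custom-websocket-expert")
    if tpl.get("mode") not in VALID_MODES:
        problems.append(f"mode must be one of {sorted(VALID_MODES)}")
    if tpl.get("isBuiltIn") is not False:
        problems.append("custom templates must set isBuiltIn to false")
    # Optional overrides: null, or a value that matches the field table.
    temp = tpl.get("temperatureOverride")
    if temp is not None and (isinstance(temp, bool) or not isinstance(temp, (int, float))
                             or not 0.0 <= temp <= 1.0):
        problems.append("temperatureOverride must be null or a number between 0.0 and 1.0")
    max_tokens = tpl.get("maxTokensOverride")
    if max_tokens is not None and (isinstance(max_tokens, bool) or not isinstance(max_tokens, int)
                                   or max_tokens <= 0):
        problems.append("maxTokensOverride must be null or a positive integer")
    model = tpl.get("modelOverride")
    if model is not None and (not isinstance(model, str) or not model.strip()):
        problems.append("modelOverride must be null or a non-empty string")
    tags = tpl.get("tags", [])
    if not isinstance(tags, list) or not all(isinstance(t, str) and t for t in tags):
        problems.append("tags must be a list of non-empty strings")
    return problems


def import_template(raw_json: str, custom_dir: Path) -> Path:
    """Parse, validate and store a template under custom_dir as <id>.json.

    Raises ValueError listing every problem when validation fails, so nothing
    malformed reaches the templates directory (normally ~/.vista/prompts/custom/).
    """
    tpl = json.loads(raw_json)
    problems = validate_template(tpl)
    if problems:
        raise ValueError("; ".join(problems))
    custom_dir.mkdir(parents=True, exist_ok=True)
    dest = custom_dir / f"{tpl['id']}.json"
    dest.write_text(json.dumps(tpl, indent=2), encoding="utf-8")
    return dest


# Constructed sample based on the page's WebSocket template.
SAMPLE_OK = {
    "id": "custom-websocket-expert",
    "name": "WebSocket Security Expert",
    "category": "Exploitation",
    "author": "your-name",
    "description": "WebSocket security testing template",
    "systemPrompt": "You are a WebSocket security expert...",
    "userPrompt": "Analyze this WebSocket connection...",
    "isBuiltIn": False,
    "isActive": True,
    "mode": "EXPERT",
    "tags": ["websocket", "expert"],
    "modelOverride": None,
    "temperatureOverride": None,
    "maxTokensOverride": None,
}
# Same template with two constructed defects: lower-case mode and an out-of-range temperature.
SAMPLE_BAD = dict(SAMPLE_OK, mode="expert", temperatureOverride=1.7)

if __name__ == "__main__":
    print("valid sample:", validate_template(SAMPLE_OK))
    print("broken sample:", validate_template(SAMPLE_BAD))
```

Run it on a file with `import_template(Path("shared.json").read_text(), Path.home() / ".vista/prompts/custom")`; a rejected file never touches the directory, and the error message lists every field that needs fixing rather than only the first.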
## Best Practices

- **Be comprehensive in system prompts** — Include specific techniques, tool names, payload examples, and methodology steps. The AI performs much better with detailed context.
- **Structure your output requirements** — Use numbered sections in the user prompt (PROVIDE: 1. Analysis, 2. Payloads, 3. Impact) to get organized responses.
- **Use relevant variables** — Don’t include all 35 variables. Only use variables relevant to your vulnerability type.
- **Test with different models** — Use the model override to test which AI model works best for your template’s use case.