Found 39 Skills
Use when testing plans or decisions for blind spots, need adversarial review before launch, validating strategy against worst-case scenarios, building consensus through structured debate, identifying attack vectors or vulnerabilities, user mentions "play devil's advocate", "what could go wrong", "challenge our assumptions", "stress test this", "red team", or when groupthink or confirmation bias may be hiding risks.
Tools and frameworks for AI red teaming including PyRIT, garak, Counterfit, and custom attack automation
Adversarial stress-test of a /think intelligence brief. Reads the think output markdown, then deploys 5-7 of the same analytical frameworks — but each one is hunting exclusively for reasons the recommendation is wrong, the conviction is unearned, and the idea will fail. Every framework becomes a prosecutor, not a judge. Surfaces the strongest kill shots, identifies which parts of the original brief are load-bearing but unverified, and produces a Red Team Report with a survival verdict. Use when the user says "red-team this", "attack this", "poke holes", "steel-man the opposition", "why is this a bad idea", "/red-team", or presents a /think brief they want stress-tested.
Performs active security "war gaming" by attempting to exploit identified vulnerabilities in a sandbox. Validates threat reality beyond static scans.
Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using MITRE ATT&CK-aligned TTPs to evaluate an organization's detection and response capabilities.
Use when planning or executing authorized red team engagements, attack path analysis, or offensive security simulations. Covers MITRE ATT&CK kill-chain planning, technique scoring, choke point identification, OPSEC risk assessment, and crown jewel targeting.
Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
Red team engagement planning is the foundational phase that defines scope, objectives, rules of engagement (ROE), threat model selection, and operational timelines before any offensive testing begins.
Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for authorized red team operations.
This skill should be used when the user asks to "plan a red team engagement", "scope a penetration test", "design a security assessment methodology", "create rules of engagement", or "plan an adversary simulation".
This skill should be used when the user asks to "follow red team methodology", "perform bug bounty hunting", "automate reconnaissance", "hunt for XSS vulnerabilities", "enumerate su...
Supply-chain testing via package-manager dependency confusion: when internal package names resolve to attacker-controlled public registries, leading to malicious install and script execution. Use for npm/pip/gem/Maven/Composer/Docker manifest review and authorized red-team supply-chain exercises.