AgentSkillsCN

attack-tree-construction

构建全面的攻击树,以可视化威胁路径。在绘制攻击场景、识别防御缺口,或向利益相关者传达安全风险时使用。

SKILL.md
--- frontmatter
name: attack-tree-construction
description: "Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders."
risk: unknown
source: community

Attack Tree Construction

Systematic attack path visualization and analysis.

Use this skill when

  • Visualizing complex attack scenarios
  • Identifying defense gaps and priorities
  • Communicating risks to stakeholders
  • Planning defensive investments or test scopes

Do not use this skill when

  • You lack authorization or a defined scope to model the system
  • The task is a general risk review without attack-path modeling
  • The request is unrelated to security assessment or design

Instructions

  • Confirm scope, assets, and the attacker goal for the root node.
  • Decompose into sub-goals with AND/OR structure.
  • Annotate leaves with cost, skill, time, and detectability.
  • Map mitigations per branch and prioritize high-impact paths.
  • If detailed templates are required, open resources/implementation-playbook.md.

Safety

  • Share attack trees only with authorized stakeholders.
  • Avoid including sensitive exploit details unless required.

Resources

  • resources/implementation-playbook.md for detailed patterns, templates, and examples.