attack-tree-construction

by @halay08 in Development

# Install this skill:

npx skills add halay08/fullstack-agent-skills --skill "attack-tree-construction"

Install specific skill from multi-skill repository

# Description

Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.

# SKILL.md

name: attack-tree-construction
description: Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.

Attack Tree Construction

Systematic attack path visualization and analysis.

Use this skill when

Visualizing complex attack scenarios
Identifying defense gaps and priorities
Communicating risks to stakeholders
Planning defensive investments or test scopes

Do not use this skill when

You lack authorization or a defined scope to model the system
The task is a general risk review without attack-path modeling
The request is unrelated to security assessment or design

Instructions

Confirm scope, assets, and the attacker goal for the root node.
Decompose into sub-goals with AND/OR structure.
Annotate leaves with cost, skill, time, and detectability.
Map mitigations per branch and prioritize high-impact paths.
If detailed templates are required, open resources/implementation-playbook.md.

Safety

Share attack trees only with authorized stakeholders.
Avoid including sensitive exploit details unless required.

Resources

resources/implementation-playbook.md for detailed patterns, templates, and examples.

# Supported AI Coding Agents

This skill is compatible with the SKILL.md standard and works with all major AI coding agents:

⚡ Amp 🚀 Antigravity 🤖 Claude Code 🦀 Clawdbot 📝 Codex ▶️ Cursor 🤖 Droid 💎 Gemini CLI 🐙 GitHub Copilot 🪿 Goose 📊 Kilo Code 🔧 Kiro CLI 💻 OpenCode 🦘 Roo Code 🌲 Trae 🏄 Windsurf

Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.