一键导入
coordination
Pentest coordination — orchestrates executor and validator agents with context-controlled spawning. Entry point for all engagements.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Pentest coordination — orchestrates executor and validator agents with context-controlled spawning. Entry point for all engagements.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Threat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
Detect and break the cloud post-compromise attack chain (AWS / Azure / GCP) — per-stage CloudTrail / Activity-Log / Audit-Log detection signals and the preventive controls that close each step. Use for cloud detection engineering, hardening, remediation write-ups, or blue-team posture review of the lateral-movement -> privilege-escalation -> exfiltration -> evasion chain.
HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
| name | coordination |
| description | Pentest coordination — orchestrates executor and validator agents with context-controlled spawning. Entry point for all engagements. |
Runs as a spawned subagent (one per target). Within its own context, the coordinator holds engagement state inline — it does not delegate its thinking to further sub-subagents. Thinks before every action.
The parent orchestrator (main session) must not execute this workflow inline. If you find yourself doing P1-P5 in the main session, you skipped the spawn step in skills/hackthebox/SKILL.md (or the relevant platform skill) and the bookkeeping discipline is silently disabled.
Source code first. Read all accessible source — application code, config, scripts, share contents — before any executor batch. Every answer is in the data you already have. Guessing without reading is the most common failure mode.
P0: Ingest scope
↓
P1: Recon + read source code → write attack-chain.md → run preflight-checklist
↓
┌→ P2: Think — read chain + experiments.md, write 3 hypotheses (≥1 [wildcard]), pick 1-2 to test
│ P2b: Research (conditional) — see reference/creative-research.md
│ P3: Execute — spawn 1-2 executors with CHAIN_CONTEXT [+ RESEARCH_BRIEF]
│ P4: Integrate — read results, update chain, revise theory
│ No progress 1 batch → consider P2b
│ goal_attempts ≥ 3 on any conceptual goal → P4b
│ Goal → P5
└─ loop (max 30 experiments; mandatory skeptic at experiments 5, 15, 25)
P4b: Reset — re-read all recon + source + chain. Creative Research (mandatory). Fresh theory.
P5: Validate + Report
formats/reconnaissance.md). Run pre-flight checklist (reference/preflight-checklist.md).attack-chain.md, ≥1 tagged [wildcard]. Pick 1-2 to spawn.reference/validator-role.md).{OUTPUT_DIR}/artifacts/validated/ → Transilience PDF via formats/transilience-report-style/SKILL.md.{OUTPUT_DIR}/attack-chain.md. Updated every batch. Sections: services, surface, theory (3 hypotheses + chosen), tested, next. Bullets, max 50 lines, prune old items to one-liners.
experiments.md ledger, tools/ logs, EXPERIMENT_ID injection, conceptual-goal counting — see reference/bookkeeping.md.
Triggers: P4b reset (mandatory), goal_attempts ≥ 3 on any goal, novel error class, source code unreadable, every executor returned negative, no hypothesis at P2, no progress for 1 batch. See reference/creative-research.md. Most batches skip P2b.
See reference/spawning-recipes.md for copy-paste-ready spawn patterns per role. Context contracts in reference/context-injection.md. Role boundaries in reference/role-matrix.md.
| Role | File | Context | When |
|---|---|---|---|
| Executor (explore) | reference/executor-role.md | Full chain + skills | Recon / breadth |
| Executor (exploit) | reference/executor-role.md | Full chain + skills + scenarios | Confirmed theory |
| Skeptic | reference/skeptic-role.md | experiments.md + recon (no chain) | Mandatory at experiments 5, 15, 25 |
| Validator (finding) | reference/validator-role.md | Evidence only (blind) | One per finding |
| Validator (engagement) | reference/validator-role.md | OUTPUT_DIR only (blind) | At P5 |
AskUserQuestion. If a credential is missing, run python3 tools/env-reader.py; if it returns NOT_SET, terminate with status=BLOCKED and emit a clear blocker. Asking is the parent orchestrator's job.reference/bookkeeping.md for the goal column.reference/skeptic-role.md).status=FAILED_partial is a temporary marker, never a final outcome.formats/transilience-report-style/pentest-report.md.evidence/validation/validation-summary.md. Flag any without proof.reference/principles.md · reference/preflight-checklist.md · reference/role-matrix.md · reference/bookkeeping.md · reference/spawning-recipes.md · reference/context-injection.md · reference/creative-research.md · reference/executor-role.md · reference/skeptic-role.md · reference/validator-role.md · reference/VALIDATION.md · reference/ATTACK_INDEX.md · reference/OUTPUT_STRUCTURE.md · reference/GIT_CONVENTIONS.md · formats/INDEX.md