Attack Library Skill

Where to Store

• Playbooks: docs/agents/data-sets/security-exercises/ATTACK_LIBRARY.md or playbooks/ subfolder
• Updates: Add new playbooks; update technique mappings when ATT&CK/ATLAS changes
• Invocation: "Run playbook: export flow" → load playbook, execute per Red Team skill

Adding a Playbook

1. Name the playbook (e.g. "export flow", "rules backdoor")
2. Map to technique IDs (ATT&CK, ATLAS)
3. Define target surface
4. Write steps (actionable, repeatable)
5. Define expected Blue detection
6. Append to ATTACK_LIBRARY

Additional Resources

• Technique reference: red-team-skill/reference.md
• Proof-of-work: docs/agents/security-team-proof-of-work.md