Invokes Red Team with ATT&CK/ATLAS technique IDs; generates structured output; saves to proof-of-work. Use when the user says Red Team, attack simulation, ATT&CK technique, ATLAS technique, or requests Red Team exercises.
When the user invokes Red Team, attack simulation, or specifies ATT&CK/ATLAS technique IDs:
docs/agents/roles/red-team-agent.md and docs/agents/security-team-proof-of-work.md
For every Red action, produce:
### Red action – [phase]
- **Role:** Lead | Specialist | Technical Ninja
- **Technique IDs:** T1566 (Phishing), ATLAS-T-001 (Prompt Injection), etc.
- **Target:** [surface]
- **Action:** [what was simulated]
- **Result:** Success | Failed | Partial
- **Blue visibility:** Yes | No | Unclear
- **Artifacts:** [path or "see above"]
Include technique IDs in every Red action block for coverage mapping.
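One way to check a proof-of-work log against the Red action template above and build the technique coverage map, as an added example that is not part of the original skill or project. The function names, the ID regex and the sample log are assumptions made for illustration.

```python
import re
from collections import defaultdict

REQUIRED = ["Role", "Technique IDs", "Target", "Action", "Result", "Blue visibility", "Artifacts"]
ALLOWED = {"Role": {"Lead", "Specialist", "Technical Ninja"},
           "Result": {"Success", "Failed", "Partial"}, "Blue visibility": {"Yes", "No", "Unclear"}}
# Assumed ID shapes: ATT&CK "T1566" / "T1566.001", and the template's "ATLAS-T-001" style.
TECH_ID = re.compile(r"\b(T\d{4}(?:\.\d{3})?|ATLAS-T-\d{3})\b")
HEADING = re.compile(r"^### Red action\s*[–-]\s*(.+)$")
FIELD = re.compile(r"^- \*\*(.+?):\*\*\s*(.*)$")

def parse_red_actions(markdown):
    """Split a proof-of-work log into Red action blocks: {'phase', 'fields'}."""
    blocks, current = [], None
    for line in markdown.splitlines():
        s = line.strip()
        if (h := HEADING.match(s)):
            blocks.append(current := {"phase": h.group(1).strip(), "fields": {}})
        elif s.startswith("#"):
            current = None  # any other heading closes the current block
        elif current is not None and (f := FIELD.match(s)):
            current["fields"][f.group(1)] = f.group(2).strip()
    return blocks

def validate(block):
    """Return the template violations for one block (empty list if clean)."""
    f = block["fields"]
    errors = [f"missing {name}" for name in REQUIRED if not f.get(name)]
    errors += [f"bad {k}: {f[k]}" for k, ok in ALLOWED.items() if f.get(k) and f[k] not in ok]
    if f.get("Technique IDs") and not TECH_ID.findall(f["Technique IDs"]):
        errors.append("no technique ID recognised")
    return errors

def coverage(blocks):
    """Map technique ID -> [(phase, Result, Blue visibility)] for coverage review."""
    cov = defaultdict(list)
    for b in blocks:
        f = b["fields"]
        for tid in TECH_ID.findall(f.get("Technique IDs", "")):
            cov[tid].append((b["phase"], f.get("Result"), f.get("Blue visibility")))
    return dict(cov)

SAMPLE = "\n".join([  # constructed log: one clean block, one that breaks the template
    "### Red action – Initial access", "- **Role:** Specialist",
    "- **Technique IDs:** T1566 (Phishing), ATLAS-T-001 (Prompt Injection)",
    "- **Target:** test tenant", "- **Action:** simulated phishing email",
    "- **Result:** Partial", "- **Blue visibility:** Yes", "- **Artifacts:** see above",
    "### Red action – Model abuse", "- **Role:** Lead", "- **Technique IDs:** prompt injection",
    "- **Result:** Succeeded"])
```

Blocks that fail `validate` contribute nothing to `coverage` when no ID is recognised, which is why a missing technique ID shows up as a gap in the map.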
docs/agents/security-team-proof-of-work.md or create docs/agents/data-sets/security-exercises/YYYY-MM-DD-<exercise>.md
docs/agents/data-sets/security-exercises/artifacts/
docs/agents/security-team-proof-of-work.md § Exercise log
When running with Blue (Purple): coordinate per docs/agents/purple-team-protocol.md. Red attacks → Blue checks → fix → re-test.