attack-surface
Attack Surface Mapping
Discover and inventory every entry point where external data enters the application. Produces a ranked catalog of all routes, APIs, input handlers, and external interfaces organized by exposure level and trust boundary.
Supported Flags
Read ../../shared/schemas/flags.md for the full flag specification.
| Flag | Attack Surface Behavior |
|---|---|
| --scope | Default full. Attack surface mapping benefits from whole-codebase visibility. Narrow scopes produce partial inventories with a warning. |
| --depth quick | Framework route extraction only (Grep for route decorators and definitions). |
| --depth standard | Route extraction + read handlers to classify input types and auth requirements. |
| --depth deep | Standard + trace each entry point to internal sinks, map trust boundary crossings. |
| --depth expert | Deep + rank by exploitability, identify shadow/undocumented endpoints, DREAD scoring. |
| --severity | Not directly applicable. Used to filter the exposure ranking in output. |
| --format | Default text. Use json for machine-readable inventory, md for wiki export. |
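
An added illustration, not the skill's own implementation: the kind of inventory that route extraction (`--depth quick`) plus auth classification (`--depth standard`) yields for Flask-style decorators. It parses the AST instead of grepping; the sample source, the `login_required` decorator name and the ranking rule are assumptions.

```python
import ast

# Constructed sample source (Flask-style); not taken from any real project.
SAMPLE = '''
@app.route("/health")
def health(): ...
@app.route("/login", methods=["POST"])
def login(): ...
@app.get("/admin/users")
@login_required
def list_users(): ...
@app.route("/upload", methods=["POST", "PUT"])
def upload(): ...
'''

ROUTE_ATTRS = {"route", "get", "post", "put", "delete", "patch"}
AUTH_DECORATORS = {"login_required"}  # assumption: list the project's own auth decorators
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

def _name(node):
    """Trailing name of a decorator expression: foo, a.foo, or a.foo(...)."""
    if isinstance(node, ast.Call):
        node = node.func
    if isinstance(node, ast.Attribute):
        return node.attr
    return node.id if isinstance(node, ast.Name) else ""

def extract_routes(source):
    """Inventory route handlers, ranked most-exposed first."""
    routes = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        authed = any(_name(d) in AUTH_DECORATORS for d in fn.decorator_list)
        for dec in fn.decorator_list:
            if not (isinstance(dec, ast.Call) and _name(dec) in ROUTE_ATTRS):
                continue
            if not (dec.args and isinstance(dec.args[0], ast.Constant)):
                continue  # dynamic path: needs manual review, skipped here
            verb = _name(dec)
            methods = ["GET"] if verb == "route" else [verb.upper()]
            for kw in dec.keywords:
                if kw.arg == "methods" and isinstance(kw.value, (ast.List, ast.Tuple)):
                    methods = [str(e.value).upper() for e in kw.value.elts
                               if isinstance(e, ast.Constant)]
            routes.append({"path": dec.args[0].value, "methods": methods,
                           "handler": fn.name, "line": fn.lineno, "auth": authed})
    # Unauthenticated first, then state-changing methods, then path for stable output.
    routes.sort(key=lambda r: (r["auth"], not STATE_CHANGING & set(r["methods"]), r["path"]))
    return routes
```

The returned list of dicts serializes directly with `json.dumps`, matching the machine-readable inventory the `--format` row describes.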