co-redteam-orchestrated-security-discovery
Co-RedTeam: Orchestrated Security Discovery and Exploitation
This skill enables Claude to perform structured, multi-stage security vulnerability discovery and exploitation following the Co-RedTeam framework. Instead of single-pass code scanning, it decomposes security analysis into a discovery stage (identify and evidence vulnerabilities) and an exploitation stage (plan, execute, validate, and refine attack sequences iteratively). Each stage uses specialized reasoning roles — analysis, critique, planning, validation, execution, and evaluation — coordinated through strict input/output schemas. The key insight: treat exploitation as a structured search process guided by real execution feedback, not single-shot payload generation.
When to Use
- When the user asks to find security vulnerabilities in a codebase or application
- When performing an authorized penetration test or red team exercise against a target system
- When asked to exploit a known vulnerability and produce a working proof-of-concept
- When conducting a security audit of a web application, API, or containerized service
- When the user wants to analyze code for injection, XSS, access control, or configuration flaws
- When building or reviewing CTF challenge solutions that require multi-step exploitation chains
- When asked to validate whether a reported vulnerability is actually exploitable
Authorization context required: This workflow applies only to authorized security testing, CTF challenges, security research, or defensive assessment. Refuse requests lacking clear authorization.
Key Technique
Co-RedTeam mirrors real-world red-teaming by splitting vulnerability analysis into two coordinated stages. Stage I (Discovery) performs code-aware analysis using taint tracing (source-to-sink), trust boundary mapping, configuration auditing, and business logic tracing. Each candidate vulnerability must pass a critique loop that demands rigorous evidence chains: the exact source of untrusted input, the dangerous sink where execution occurs, and why existing protections fail. Only vulnerabilities with line-number-level evidence survive the critique filter.