prowler-attack-paths-query
Overview
Attack Paths queries are openCypher queries run against cloud infrastructure graphs ingested via Cartography to detect security risks such as privilege escalation paths, network exposure, and misconfigurations.
Queries are written in openCypher Version 9 so that the same query runs on both Neo4j and Amazon Neptune.
Two query audiences
This skill covers two types of queries with different isolation mechanisms:
| | Predefined queries | Custom queries |
|---|---|---|
| Where they live | `api/src/backend/api/attack_paths/queries/{provider}.py` | User/LLM-supplied via the custom query API endpoint |
| Provider isolation | `AWSAccount {id: $provider_uid}` anchor + path connectivity | Automatic `_Provider_{uuid}` label injection via `cypher_sanitizer.py` |
| What to write | Chain every `MATCH` from the `aws` variable | Plain Cypher, no isolation boilerplate needed |
| Internal labels | Never use (`_ProviderResource`, `_Tenant_*`, `_Provider_*`) | Never use (injected automatically by the system) |
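The following is an added illustration, not code from Prowler or from this skill. It shows the predefined-query style the table describes (every `MATCH` chained back to the `aws` anchor) next to an unanchored variant that would match roles from every account in the graph, and a small review lint that flags the three mistakes a reviewer looks for: a missing provider anchor, a `MATCH` that is not connected to earlier variables, and a reference to an internal label. The node labels (`AWSRole`, `AWSPolicy`, `AWSPolicyStatement`), relationship types, property names and the lint heuristics are assumptions chosen for the example; check them against the Cartography schema you actually ingest.

```python
"""Review lint for predefined Attack Paths queries (illustrative, not Prowler's code)."""
import re

# Labels the skill forbids in hand-written queries (the system injects them).
INTERNAL_LABEL_RE = re.compile(r":\s*(_ProviderResource|_Tenant_\w*|_Provider_\w*)")
# The provider anchor every predefined AWS query must start from.
ANCHOR_RE = re.compile(
    r"MATCH\s*\(\s*aws\s*:\s*AWSAccount\s*\{\s*id\s*:\s*\$provider_uid\s*\}\s*\)", re.I
)
# One MATCH / OPTIONAL MATCH pattern, up to the next clause keyword.
MATCH_CLAUSE_RE = re.compile(
    r"\bMATCH\b(.*?)(?=\b(?:OPTIONAL\s+)?MATCH\b|\bWHERE\b|\bWITH\b|\bRETURN\b|\bUNWIND\b|$)",
    re.I | re.S,
)
# Variables bound in node patterns such as "(aws:AWSAccount" or "(aws)".
NODE_VAR_RE = re.compile(r"\(\s*([A-Za-z_]\w*)")

# Correct shape: each MATCH reuses a variable bound earlier, so every node in the
# result is reachable from the account being scanned. Schema names are assumed.
PREDEFINED_OK = """
MATCH (aws:AWSAccount {id: $provider_uid})
MATCH (aws)-[:RESOURCE]->(role:AWSRole)
MATCH (role)-[:POLICY]->(policy:AWSPolicy)-[:STATEMENT]->(stmt:AWSPolicyStatement)
WHERE stmt.effect = 'Allow' AND 'iam:PassRole' IN stmt.action
RETURN role.arn AS role, policy.name AS policy
"""

# Leaky shape: the anchor is present but the second MATCH is not connected to it,
# so it scans AWSRole nodes from every provider in the shared graph.
PREDEFINED_LEAKY = """
MATCH (aws:AWSAccount {id: $provider_uid})
MATCH (role:AWSRole)-[:POLICY]->(policy:AWSPolicy)
MATCH (policy)-[:STATEMENT]->(stmt:AWSPolicyStatement)
WHERE stmt.effect = 'Allow' AND 'iam:PassRole' IN stmt.action
RETURN role.arn AS role, policy.name AS policy
"""

# Forbidden shape: references an internal label the sanitizer manages itself.
PREDEFINED_INTERNAL_LABEL = """
MATCH (aws:AWSAccount {id: $provider_uid})
MATCH (aws)-[:RESOURCE]->(r:_ProviderResource)
RETURN r
"""


def lint_predefined_query(query: str) -> list[str]:
    """Return review findings for a predefined AWS query; an empty list means clean.

    The chaining check is a heuristic: a MATCH counts as chained when it reuses at
    least one variable bound by an earlier MATCH, which in turn traces back to `aws`.
    """
    findings: list[str] = []
    if not ANCHOR_RE.search(query):
        findings.append("missing anchor: MATCH (aws:AWSAccount {id: $provider_uid})")
    for m in INTERNAL_LABEL_RE.finditer(query):
        findings.append(f"internal label referenced: {m.group(1)}")
    bound: set[str] = set()
    for i, clause in enumerate(MATCH_CLAUSE_RE.finditer(query)):
        body = clause.group(1)
        vars_here = set(NODE_VAR_RE.findall(body))
        if i > 0 and not (vars_here & bound):
            findings.append(f"MATCH not chained to earlier variables: {body.strip()}")
        bound |= vars_here
    return findings


if __name__ == "__main__":
    for name, q in [("ok", PREDEFINED_OK), ("leaky", PREDEFINED_LEAKY),
                    ("internal", PREDEFINED_INTERNAL_LABEL)]:
        print(name, lint_predefined_query(q) or "clean")
```

The lint is only meant for the predefined queries that live in the provider modules; custom queries submitted through the API are plain Cypher by design and rely on the sanitizer's label injection instead of the anchor, so running this check on them would produce false "missing anchor" findings.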
Related skills