offensive-security
Offensive Security
Offensive Security is an instruction-only autoresearch loop. It tells the agent how to coordinate subagents that read defensive findings, generate exploit hypotheses, validate only in authorized sandboxes, evolve based on evidence, and report confirmed vulnerabilities.
It does not provide scanners, exploit code, validators, or local runner scripts. The agent supplies judgment and uses subagents for parallel research and validation. See references/autoresearch-loop.md for detailed loop control.
Within hacker, this skill runs last (Phase 6): complete all defensive specialists, deduplicate, triage, and emit hacker-report.md before starting the autoresearch loop.
Not a blind scanner. Not a replacement for authorized live pentests (recon-security). Not runnable against production without explicit written scope.
When to use
- Defensive audit found many issues — prioritize by exploitability
- Bug bounty or IDOR claim needs sandbox reproduction before payout
- crypto-secrets found weak JWT — test forgery on a test instance only
- User asks: autoresearch attack loop, validate exploitability, confirm vulnerabilities from scan JSON
- You need parallel subagents to research hypothesis families, validation plans, and evidence quality
Output: a markdown confirmed-vulnerabilities report written by the agent, with hypotheses tested, outcomes, evidence summaries, negative controls, and safety notes.