tahr-map-attack-surface

Installation
SKILL.md

Map the Attack Surface

Build an evidence-backed inventory before testing vulnerabilities. Treat every discovered item as coverage evidence, not as a finding.

Set the boundary

  1. Identify the repository roots, application origins, API origins, environments, and supplied specifications or traffic captures.
  2. Record the allowed runtime scope. Do not contact a live target unless the user supplied it or clearly authorized testing it.
  3. Default to source-only analysis when authorization, credentials, or a runnable environment are absent.
  4. Keep runtime activity read-only and low volume. Do not submit destructive forms, create real orders, send invitations, modify accounts, or enumerate unrelated infrastructure.
  5. Never print or persist passwords, cookies, bearer tokens, API keys, reset links, private keys, CSRF values, or user PII. Retain names, locations, value classes, lengths, and short SHA-256 fingerprints when useful.

Inventory independent evidence sources

Inspect each available source independently before merging:

Installs
3
First Seen
1 day ago
tahr-map-attack-surface — tahr-security/tahr-security-skills