tahr-map-attack-surface
Installation
SKILL.md
Map the Attack Surface
Build an evidence-backed inventory before testing vulnerabilities. Treat every discovered item as coverage evidence, not as a finding.
Set the boundary
- Identify the repository roots, application origins, API origins, environments, and supplied specifications or traffic captures.
- Record the allowed runtime scope. Do not contact a live target unless the user supplied it or clearly authorized testing it.
- Default to source-only analysis when authorization, credentials, or a runnable environment are absent.
- Keep runtime activity read-only and low volume. Do not submit destructive forms, create real orders, send invitations, modify accounts, or enumerate unrelated infrastructure.
- Never print or persist passwords, cookies, bearer tokens, API keys, reset links, private keys, CSRF values, or user PII. Retain names, locations, value classes, lengths, and short SHA-256 fingerprints when useful.
Inventory independent evidence sources
Inspect each available source independently before merging: