thinking-red-team

Installation
SKILL.md

Red Team Thinking

Overview

Red teaming is adversarial security review: deliberately attacking a system you control to find vulnerabilities before an attacker does. This skill is scoped to security/code vulnerability detection — it is NOT for plan stress-testing or decision challenge (use thinking-pre-mortem or thinking-steel-manning for those).

The anti-fabrication gate is the most important rule: every reported finding MUST include a concrete, reproducible attack path — entry point → exact steps → realized impact. If you cannot describe how the attack actually executes against this code/config, it is not a finding. Drop it. A short report of real, demonstrable vulnerabilities beats a long list of speculation.

Core Principle: Attack yourself before others do. But only report what you can actually break.

When to Use

  • Security review of code, authentication, authorization, APIs, or infrastructure you control
  • Pre-launch security hardening of a system that handles auth, data, or money
  • Evaluating whether a specific vulnerability class (injection, XSS, auth bypass, etc.) is present in your code

Decision flow:

Installs
111
GitHub Stars
660
First Seen
Mar 12, 2026
thinking-red-team — tjboudreaux/cc-thinking-skills