red-team-bundler
Red Team Bundler Skill 🕵️♂️
Overview
This skill automates the preparation of "Red Team" security and architecture reviews. Instead of manually explaining the context to an external LLM, this skill generates a highly specific instruction prompt, gathers the relevant codebase files, and uses the core Context Bundler scripts to compile them into a single, seamless payload.
Because context windows are valuable and red team reviews require precision, this is a Level 2.0 Interactive Skill. You must not blindly guess the user's intent or immediately execute scripts. You must follow the phased workflow below to confirm the target, threat model, and format before generating the payload.
🎯 Primary Directive
Discover, Confirm, Isolate, Instruct, and Package. You are creating a standalone artifact designed to be read by an external AI or human. The most critical part of this bundle is the Prompt—it must explicitly tell the receiving AI how to attack, review, or analyze the accompanying code based on the user's specific threat model.
Core Workflow
When asked to prepare a red team review, you MUST follow these phases in order. Do not skip to execution.
Phase 1: Discovery Interview (Targeted Diagnostics)
Before creating any directories or writing any files, evaluate the user's initial request. If it is vague, you must ask 1-2 targeted questions to shape the payload:
- Threat Model / Focus: What specific vulnerabilities are we hunting for? (e.g., OWASP top 10, Authentication bypass, Business logic flaws, Data exfiltration).
- Format Negotiation: Where is this bundle going? (e.g., "Are you pasting this into a web UI like ChatGPT/Grok (needs
.md), or do you need a.zipto send to a human reviewer/offline agent?")
Wait for the user's response before proceeding.
Phase 2: Recap & Confirm (Pre-Execution Gate)
Draft the execution plan based on the discovery phase, but DO NOT execute the Python scripts or write to disk yet. Present the proposed plan to the user for approval:
Red Team Bundle Plan:
- Target Topic: [Topic Name]
- Format: [.md or .zip]
- Proposed Persona/Prompt: "Act as a ruthless security auditor focusing on [Threat Model]..."
- Proposed Files to Bundle:
1. src/auth/...
2. docs/security...
Does this look right? (yes / adjust)
Wait for the user to confirm.
Phase 3: Initialize & Draft
Once the user confirms the plan, create the workspace and draft the prompt:
- Create the Temp Directory:
mkdir -p temp/red-team-review-[topic-name] - Write the Prompt: Write the agreed-upon text into
temp/red-team-review-[topic-name]/prompt.md. The prompt must explicitly establish the Red Team rules of engagement, the specific threat model, and the desired severity scoring (Critical, High, Medium, Low).
Phase 4: Build the Manifest
Create file-manifest.json inside the temp directory.
CRITICAL ORDERING: The newly created prompt.md MUST be the very first item in the files array. This ensures the receiving LLM reads the instructions before reading the source code.
{
"title": "Red Team Review: [Topic Name]",
"description": "Security and architecture review bundle focusing on [Threat Model].",
"files": [
{
"path": "temp/red-team-review-[topic-name]/prompt.md",
"note": "Primary Instructions & Rules of Engagement"
},
{
"path": "src/target/logic.py",
"note": "Target: Core implementation logic"
},
{
"path": "docs/security-model.md",
"note": "Context: Intended security architecture"
}
]
}
(Note: Use directory paths like src/auth/ to recursively include entire folders if necessary, rather than listing 50 files manually).
Phase 5: Execute & Handoff
Invoke the appropriate core Context Bundler script based on the format negotiated in Phase 1.
(Adjust the script path below depending on if you are running this from the plugin root or via an npx installed .agents/ path).
-
For Markdown (.md):
python3 ./scripts/bundle.py --manifest temp/red-team-review-[topic-name]/file-manifest.json --bundle temp/red-team-review-[topic-name]/payload.md -
For ZIP Archive (.zip):
python3 ./scripts/bundle_zip.py --manifest temp/red-team-review-[topic-name]/file-manifest.json --bundle temp/red-team-review-[topic-name]/payload.zip
Once the payload is generated, inform the user that it is ready for handoff. If it is a Markdown file, explicitly remind them they can copy the contents of that file and paste it directly into their external chat interface.
More from richfrem/agent-plugins-skills
markdown-to-msword-converter
Converts Markdown files to one MS Word document per file using plugin-local scripts. V2 includes L5 Delegated Constraint Verification for strict binary artifact linting.
52excel-to-csv
>
32zip-bundling
Create technical ZIP bundles of code, design, and documentation for external review or context sharing. Use when you need to package multiple project files into a portable `.zip` archive instead of a single Markdown file.
29learning-loop
(Industry standard: Loop Agent / Single Agent) Primary Use Case: Self-contained research, content generation, and exploration where no inner delegation is required. Self-directed research and knowledge capture loop. Use when: starting a session (Orientation), performing research (Synthesis), or closing a session (Seal, Persist, Retrospective). Ensures knowledge survives across isolated agent sessions.
26ollama-launch
Start and verify the local Ollama LLM server. Use when Ollama is needed for RLM distillation, seal snapshots, embeddings, or any local LLM inference — and it's not already running. Checks if Ollama is running, starts it if not, and verifies the health endpoint.
26spec-kitty-checklist
A standard Spec-Kitty workflow routine.
26