Attack Tree Construction

Systematic attack path visualization and analysis.

Use this skill when

• Visualizing complex attack scenarios
• Identifying defense gaps and priorities
• Communicating risks to stakeholders
• Planning defensive investments or test scopes

Do not use this skill when

• You lack authorization or a defined scope to model the system
• The task is a general risk review without attack-path modeling
• The request is unrelated to security assessment or design

Instructions

• Confirm scope, assets, and the attacker goal for the root node.
• Decompose into sub-goals with AND/OR structure.
• Annotate leaves with cost, skill, time, and detectability.
• Map mitigations per branch and prioritize high-impact paths.
• If detailed templates are required, open resources/implementation-playbook.md.

Safety

• Share attack trees only with authorized stakeholders.
• Avoid including sensitive exploit details unless required.

Resources

• resources/implementation-playbook.md for detailed patterns, templates, and examples.