attack-tree-construction
Build attack trees for security planning
Threat paths are hard to map and explain. This skill provides structured attack tree templates and analysis guidance for clearer risk communication and defense planning.
Download the skill ZIP
Upload in Claude
Go to Settings → Capabilities → Skills → Upload skill
Toggle on and start using
Test it
Using "attack-tree-construction". Create an attack tree for account takeover and highlight the easiest path.
Expected outcome:
- Root goal: Take over user account
- Easiest path: Steal credentials via phishing
- Top mitigations: Email filtering, security awareness training, MFA
Using "attack-tree-construction". Build an attack tree for data exfiltration from a database.
Expected outcome:
- Root goal: Exfiltrate sensitive data
- Path 1: Direct database access via SQL injection
- Path 2: Backup theft via compromised credentials
- Path 3: Application layer data scraping
- Highest priority mitigation: Input validation and least privilege access
Using "attack-tree-construction". Create a Mermaid diagram for cloud storage compromise.
Expected outcome:
- flowchart TD diagram showing root goal with OR branches
- Sub-goals: Credential theft, API exploitation, misconfiguration abuse
- Leaf nodes with color coding by difficulty level
Security Audit
SafeThis is a documentation and educational skill containing pure templates for threat modeling. All 72 static findings are false positives triggered by legitimate security terminology in educational content. The skill has no executable code, no network calls, no file access, and no external command execution. The content describes attack concepts purely for defensive planning purposes.
Risk Factors
🌐 Network access (4)
Quality Score
What You Can Build
Model system threats
Create attack trees to evaluate design risks and plan defensive investments.
Plan test paths
Map likely attack paths to focus testing on the highest impact routes.
Explain stakeholder risk
Summarize attacker goals and mitigations for non technical audiences.
Try These Prompts
Create a simple attack tree for unauthorized access to a web app. Provide a root goal, two sub goals, and leaf attacks.
Build an attack tree for data exfiltration and assign difficulty, cost, detection risk, and time for each leaf.
Generate Mermaid flowchart text for an account takeover attack tree with OR and AND nodes.
Given an attack tree, identify critical nodes and prioritize mitigations by coverage impact.
Best Practices
- Start with a clear attacker goal and scope
- Assign realistic attributes for each leaf attack
- Review trees with experts and update regularly
Avoid
- Building trees without assigning attack attributes
- Ignoring insider and social engineering paths
- Treating the tree as static once created