Attack Tree Construction is a skill published by agensi that automates the generation of structured attack trees for threat modeling. Given a high-level attacker objective, it decomposes the goal into sub-goals using strict AND/OR node logic, ensuring each branch terminates at atomic, measurable leaf nodes rather than vague threat descriptions.
Every leaf node is evaluated across four attributes: time required, cost, technical skill needed, and detection probability. From these scores, the skill automatically identifies two critical paths: the Path of Least Resistance (lowest combined cost) and the Stealthiest Path (lowest detection probability). This lets security engineers immediately see which attack chains are most likely to be exploited versus which are most likely to evade existing controls.
The skill also performs defensive mapping by overlaying known security controls onto the tree, surfacing nodes where no mitigation exists. This bridges the gap between high-level risk assessments and technical red-team planning without requiring manual diagramming.
Output formats include structured text trees, Mermaid.js diagrams suitable for embedding in GitHub or Notion, JSON for programmatic consumption, and Python data models compatible with Monte Carlo simulations. These outputs can be fed into CI/CD security review pipelines or architecture documentation workflows. The skill does not require any environment variables and has no external tool integrations listed.