Attack Tree Construction

Generate structured, scored attack trees with AND/OR logic to visualize threat paths and identify security gaps.

Install
cmdop skills install agensi-attack-tree-construction

Attack Tree Construction is a skill published by agensi that automates the generation of structured attack trees for threat modeling. Given a high-level attacker objective, it decomposes the goal into sub-goals using strict AND/OR node logic, ensuring each branch terminates at atomic, measurable leaf nodes rather than vague threat descriptions.

Every leaf node is evaluated across four attributes: time required, cost, technical skill needed, and detection probability. From these scores, the skill automatically identifies two critical paths: the Path of Least Resistance (lowest combined cost) and the Stealthiest Path (lowest detection probability). This lets security engineers immediately see which attack chains are most likely to be exploited versus which are most likely to evade existing controls.

The skill also performs defensive mapping by overlaying known security controls onto the tree, surfacing nodes where no mitigation exists. This bridges the gap between high-level risk assessments and technical red-team planning without requiring manual diagramming.

Output formats include structured text trees, Mermaid.js diagrams suitable for embedding in GitHub or Notion, JSON for programmatic consumption, and Python data models compatible with Monte Carlo simulations. These outputs can be fed into CI/CD security review pipelines or architecture documentation workflows. The skill does not require any environment variables and has no external tool integrations listed.

Use cases

  • Decompose a complex threat scenario into AND/OR logic trees for a security architecture review
  • Score leaf nodes by cost and detection probability to prioritize red-team exercise targets
  • Generate Mermaid.js attack tree diagrams for embedding in GitHub pull request security reviews
  • Export JSON attack tree data for programmatic risk analysis or Monte Carlo simulation inputs
  • Map existing security controls onto an attack tree to identify unmitigated paths
  • Produce documented threat models for CI/CD pipeline security gates

When to use it

  • Building or reviewing threat models that require structured, auditable attack path logic
  • Preparing for red-team engagements and needing to identify lowest-cost or lowest-detection attack chains
  • Generating security documentation in formats compatible with GitHub, Notion, or Python tooling
  • Automating consistency in threat modeling across multiple systems or teams

When not to use it

  • If the goal is vulnerability scanning or penetration testing execution — this skill models paths, it does not exploit them
  • If real-time threat intelligence feeds or CVE data enrichment are required — no external data integrations are listed
  • If the required output format is something other than text trees, Mermaid, JSON, or Python models
  • If automated deployment or environment configuration is needed — no environment variables or transport mechanisms are defined