Attack Surface Mapper

Name/description align with what the files do: enumerate local attack surfaces, ingest red-team (.jsonl) and blue-team logs, score gaps, and write a report. The skill does not request unrelated credentials, binaries, or network access.

SKILL.md instructs the agent to read local security artifacts (.security/*) and produce reports — which matches the code. However there are several inconsistencies between prose and implementation that can cause missed or confusing results (see details): e.g., SKILL.md mentions '.security/audits/*.md' and firewall logs while the code reads .jsonl files in different directories; surface names/identifiers differ between SKILL.md, skill.json and index.js (e.g., 'INTER-AGENT' vs 'INTER_AGENT', 'supply-chain' vs 'SUPPLY_CHAIN'), which may lead to unscanned surfaces or false negatives. The guardrail

No install spec; this is effectively instruction + a local JS module. No downloads, no packages installed by the skill itself.

The skill requires no environment variables, no credentials, and only reads files under .security subdirectories. This is proportionate for a local attack-surface mapper. There is no evidence of attempts to access unrelated config or secrets.

always:false and model invocation allowed are the defaults. The skill writes local reports to .security/surface-map (expected for its purpose). It does not modify other skills or system-wide settings.