Skill System

All functionality lives in .claude/skills/<name>/SKILL.md. The project never uses .claude/commands/ files.

Skill Structure

Skills use YAML frontmatter with:

  • name — Skill identifier
  • description — What the skill does
  • disable-model-invocation — Whether AI reasoning is needed
  • allowed-tools — Which tools the skill can use
  • argument-hint — Usage hint for arguments

Supporting Files

Each skill directory can contain:

  • SKILL.md — Main skill definition
  • helpers/ — Knowledge packs, cheatsheets, research terms
  • Supporting scripts referenced by ${CLAUDE_SKILL_DIR}

Shared Boilerplate

All 16 /test-* skills reference pentest/helpers/skill-boilerplate.md for shared init code:

  • PATH isolation
  • Stealth mode configuration
  • log_event() and log_finding() functions
  • Kill switch (45min timeout, 500 request limit)
  • stealth_curl() with 429 backoff scaled by JITTER_MULT
  • --scope / --endpoints routing
  • Agent status reporting
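
A minimal sketch of how a kill switch with the two limits listed above can gate every request. It is an example added here, not the project's skill-boilerplate.md code. The names ks_reason, ks_guard, ks_count and the KS_* variables are assumptions; only the 45-minute and 500-request limits come from this page.

```bash
#!/usr/bin/env bash
# Added example (hypothetical names); not the project's skill-boilerplate.md.
KS_MAX_SECONDS=$((45 * 60))   # 45min timeout, from the page
KS_MAX_REQUESTS=500           # 500 request limit, from the page
KS_START=$(date +%s)
# The counter lives in a file: a shell variable incremented inside
# resp=$(ks_guard curl ...) would be lost when that subshell exits.
KS_COUNT_FILE=$(mktemp)
echo 0 > "$KS_COUNT_FILE"
trap 'rm -f "$KS_COUNT_FILE"' EXIT

ks_count() { cat "$KS_COUNT_FILE"; }

# ks_reason [epoch]: print why the run must stop, or nothing if it may go on.
# The optional epoch argument lets a test simulate the clock.
ks_reason() {
  ks_now=${1:-$(date +%s)}
  if [ $((ks_now - KS_START)) -ge "$KS_MAX_SECONDS" ]; then
    echo timeout
  elif [ "$(ks_count)" -ge "$KS_MAX_REQUESTS" ]; then
    echo request-limit
  fi
}

# ks_guard cmd...: count and run one request, or refuse with status 99.
# Not atomic: assumes one skill process updates the counter at a time.
ks_guard() {
  ks_why=$(ks_reason)
  if [ -n "$ks_why" ]; then
    echo "kill switch ($ks_why): refusing to run $1" >&2
    return 99
  fi
  ks_next=$(( $(ks_count) + 1 ))
  echo "$ks_next" > "$KS_COUNT_FILE"
  "$@"
}
```

Once either limit is reached, every later ks_guard call is refused without running the wrapped command, so the run cannot exceed its budget even if a skill keeps looping.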

Modifying shared behavior

To modify boilerplate, edit skill-boilerplate.md once — all 17 skills inherit changes automatically. No batch script needed.

Sub-skill Scopes

Four heavy skills support --scope for fine-grained dispatch:

Skill            Available Scopes
test-injection   sqli, xss, ssti-xxe, cmdi, misc
test-auth        jwt, oauth, session
test-client      csrf-cors, dom, misc
test-ssrf        core, vector