plugins/context-bundler/skills/red-team-bundler/SKILL.md
Interactively prepares a targeted Red Team Review package. It conducts a brief discovery interview to determine the threat model, generates a strict security auditor prompt, compiles a manifest of relevant project files, and bundles them into a single Markdown artifact or ZIP archive ready for an external LLM (like Grok, ChatGPT, or Gemini) or a human reviewer.
npx skillsauth add richfrem/agent-plugins-skills red-team-bundler
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
This skill automates the preparation of "Red Team" security and architecture reviews. Instead of manually explaining the context to an external LLM, this skill generates a highly specific instruction prompt, gathers the relevant codebase files, and uses the core Context Bundler scripts to compile them into a single, seamless payload.
Because context windows are valuable and red team reviews require precision, this is a Level 2.0 Interactive Skill. You must not blindly guess the user's intent or immediately execute scripts. You must follow the phased workflow below to confirm the target, threat model, and format before generating the payload.
Discover, Confirm, Isolate, Instruct, and Package. You are creating a standalone artifact designed to be read by an external AI or human. The most critical part of this bundle is the Prompt—it must explicitly tell the receiving AI how to attack, review, or analyze the accompanying code based on the user's specific threat model.
When asked to prepare a red team review, you MUST follow these phases in order. Do not skip to execution.
Before creating any directories or writing any files, evaluate the user's initial request. If it is vague, you must ask 1-2 targeted questions to shape the payload:
.md), or do you need a .zip to send to a human reviewer/offline agent?")
Wait for the user's response before proceeding.
Draft the execution plan based on the discovery phase, but DO NOT execute the Python scripts or write to disk yet. Present the proposed plan to the user for approval:
Red Team Bundle Plan:
- Target Topic: [Topic Name]
- Format: [.md or .zip]
- Proposed Persona/Prompt: "Act as a ruthless security auditor focusing on [Threat Model]..."
- Proposed Files to Bundle:
1. src/auth/...
2. docs/security...
Does this look right? (yes / adjust)
Wait for the user to confirm.
Once the user confirms the plan, create the workspace and draft the prompt:
mkdir -p temp/red-team-review-[topic-name]
temp/red-team-review-[topic-name]/prompt.md. The prompt must explicitly establish the Red Team rules of engagement, the specific threat model, and the desired severity scoring (Critical, High, Medium, Low).
Create file-manifest.json inside the temp directory.
CRITICAL ORDERING: The newly created prompt.md MUST be the very first item in the files array. This ensures the receiving LLM reads the instructions before reading the source code.
{
  "title": "Red Team Review: [Topic Name]",
  "description": "Security and architecture review bundle focusing on [Threat Model].",
  "files": [
    {
      "path": "temp/red-team-review-[topic-name]/prompt.md",
      "note": "Primary Instructions & Rules of Engagement"
    },
    {
      "path": "src/target/logic.py",
      "note": "Target: Core implementation logic"
    },
    {
      "path": "docs/security-model.md",
      "note": "Context: Intended security architecture"
    }
  ]
}
(Note: Use directory paths like src/auth/ to recursively include entire folders if necessary, rather than listing 50 files manually).
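A pre-flight check for file-manifest.json before the bundler runs, as an added example (not part of this skill or the Context Bundler scripts). It enforces the prompt.md-first ordering described above and, as assumptions beyond the page, rejects paths that leave the project root and flags filenames that commonly hold secrets, since the bundle is handed to an external LLM. The name check_manifest, the sensitive-name lists and both sample manifests are hypothetical.

```python
import json
from pathlib import PurePosixPath

# Assumed deny-lists for this example; extend them per project.
SENSITIVE_NAMES = {".env", "id_rsa", "id_ed25519", "credentials.json"}
SENSITIVE_SUFFIXES = {".pem", ".key", ".pfx", ".p12"}


def check_manifest(manifest: dict) -> list[str]:
    """Return a list of problems; an empty list means the manifest passes."""
    files = manifest.get("files")
    if not isinstance(files, list) or not files:
        return ["'files' must be a non-empty array"]
    problems = []
    for i, entry in enumerate(files):
        path = entry.get("path") if isinstance(entry, dict) else None
        if not isinstance(path, str) or not path:
            problems.append(f"files[{i}]: missing 'path'")
            continue
        p = PurePosixPath(path)
        # The receiving reviewer must see the instructions before any source.
        if i == 0 and p.name != "prompt.md":
            problems.append("files[0] must be prompt.md so instructions are read first")
        # Absolute paths or '..' segments would pull in files outside the repo.
        if p.is_absolute() or ".." in p.parts:
            problems.append(f"files[{i}]: '{path}' escapes the project root")
        # Explicitly listed key or credential files should not leave the machine.
        if p.name in SENSITIVE_NAMES or p.suffix in SENSITIVE_SUFFIXES:
            problems.append(f"files[{i}]: '{path}' looks like a secret")
    return problems


# Constructed sample manifests (not taken from a real project).
GOOD = json.loads("""{"files": [
  {"path": "temp/red-team-review-demo/prompt.md", "note": "Instructions"},
  {"path": "src/auth/", "note": "Target"}]}""")
BAD = json.loads("""{"files": [
  {"path": "src/target/logic.py", "note": "Target"},
  {"path": "temp/red-team-review-demo/prompt.md", "note": "Instructions"},
  {"path": "../secrets/notes.md", "note": "Context"},
  {"path": "config/.env", "note": "Context"}]}""")

if __name__ == "__main__":
    for name, manifest in (("good", GOOD), ("bad", BAD)):
        print(name, check_manifest(manifest) or "OK")
```

Directory entries such as src/auth/ are included recursively by the bundler, so this name check only covers paths listed explicitly; a secret inside a bundled folder still needs a scan of the generated payload.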
Invoke the appropriate core Context Bundler script based on the format negotiated in Phase 1.
(Adjust the script path below depending on whether you are running this from the plugin root or via an npx-installed .agents/ path.)
For Markdown (.md):
python ./scripts/bundle.py --manifest temp/red-team-review-[topic-name]/file-manifest.json --bundle temp/red-team-review-[topic-name]/payload.md
For ZIP Archive (.zip):
python ./scripts/bundle_zip.py --manifest temp/red-team-review-[topic-name]/file-manifest.json --bundle temp/red-team-review-[topic-name]/payload.zip
Once the payload is generated, inform the user that it is ready for handoff. If it is a Markdown file, explicitly remind them they can copy the contents of that file and paste it directly into their external chat interface.