> ## Documentation Index
> Fetch the complete documentation index at: https://mintlify.com/CyberStrikeus/CyberStrike/llms.txt
> Use this file to discover all available pages before exploring further.
# Skills
> Load reusable security knowledge into agents as structured Markdown context.
Skills are Markdown instruction files that agents load as additional context. They encode domain-specific knowledge — attack techniques, testing methodologies, tool cheatsheets — that agents draw on during assessments.
## How skills work
When an agent is invoked, CyberStrike resolves the skills assigned to it and injects their content into the agent's context. Skills are referenced by name, not path, so the same skill can be reused across multiple agents.
Skills are plain Markdown files named `SKILL.md` with YAML frontmatter:
```markdown theme={null}
---
name: my-skill
description: Short description of what this skill covers
---
# Skill content
The full Markdown body becomes the skill's content.
```
## Built-in skills
CyberStrike ships with the following built-in skills, stored in `.cyberstrike/skill/`:
| Skill name | Description | Used by |
| ----------------------- | ------------------------------------------------------------------------------- | ------------------ |
| `wstg-recon-config` | WSTG reconnaissance, configuration, error handling, and cryptography techniques | `web-application` |
| `wstg-auth-session` | Authentication and session management testing techniques | `web-application` |
| `wstg-injection` | Injection vulnerability testing (SQL, NoSQL, command, SSTI, etc.) | `web-application` |
| `wstg-logic-client-api` | Business logic, client-side, and API testing techniques | `web-application` |
| `ad-security` | Active Directory security testing and attack techniques | `internal-network` |
| `kerberos-attacks` | Kerberos protocol attack techniques and exploitation | `internal-network` |
You can inspect any built-in skill at `.cyberstrike/skill//SKILL.md` in the CyberStrike repository.
## Skill file format
Every skill is a `SKILL.md` file inside a named directory. The directory name does not need to match the skill name, but the `name` frontmatter field must be unique across all loaded skills.
```
my-skills/
jwt-attacks/
SKILL.md
ssrf-techniques/
SKILL.md
payloads.txt # Additional files can be co-located
```
### Required frontmatter fields
| Field | Type | Description |
| ------------- | -------- | --------------------------------------------------------------- |
| `name` | `string` | Unique skill identifier used to reference the skill from agents |
| `description` | `string` | Short description of what the skill covers |
Additional frontmatter fields (like `tags`, `version`) are supported by convention but not required by the loader.
## Adding custom skills
### Local skill paths
Add a `skills.paths` entry to `cyberstrike.json` to load skills from a directory on disk:
```json theme={null}
{
"skills": {
"paths": ["./my-skills", "~/shared-skills"]
}
}
```
Paths starting with `~/` are expanded to the home directory. Relative paths are resolved from the project root. CyberStrike recursively scans each directory for `SKILL.md` files.
### Remote skills
Add a `skills.urls` entry to load skills from a remote server:
```json theme={null}
{
"skills": {
"urls": ["https://example.com/.well-known/skills/"]
}
}
```
The URL must serve an `index.json` file listing available skills:
```json theme={null}
{
"skills": [
{
"name": "my-remote-skill",
"description": "A remotely hosted skill",
"files": ["SKILL.md"]
}
]
}
```
CyberStrike downloads each skill's files and caches them locally. Skills are fetched once and served from cache on subsequent runs.
### Project-level skill directories
Place skill directories inside `.cyberstrike/skill/` or `.cyberstrike/skills/` for automatic discovery with no configuration required:
```
.cyberstrike/
skill/
custom-injection/
SKILL.md
api-auth/
SKILL.md
```
### User-level skills
Place skills in `~/.cyberstrike/skill/` to make them available across all projects.
## Creating a custom skill
```bash theme={null}
mkdir -p .cyberstrike/skill/jwt-attacks
```
Create `.cyberstrike/skill/jwt-attacks/SKILL.md` with the skill frontmatter and content:
The file starts with a YAML frontmatter block containing `name` and `description`, followed by the full Markdown body with your attack techniques, payloads, tool commands, and methodology notes. The content is injected directly into the agent's context window.
Example structure:
* Frontmatter: `name: jwt-attacks`, `description: JWT vulnerability testing`
* Body sections: Algorithm Confusion, RS256-to-HS256, weak secret brute force, claim injection
Reference the skill by name in your custom agent's frontmatter, or use it with a built-in agent via `cyberstrike.json`. Skills are automatically available to any agent with access to the skill directory.
## Skill loading order
CyberStrike loads skills in this order (later entries override earlier ones if names conflict):
1. External directories (`.claude/skills/`, `.agents/skills/`) — global home first, then project-level
2. `.cyberstrike/skill/` directories (global config dir, then project)
3. Additional paths from `skills.paths` in `cyberstrike.json`
4. Remote skills from `skills.urls` in `cyberstrike.json`
If two skills share the same `name`, the later-loaded skill wins. CyberStrike logs a warning when it detects duplicate skill names.
## Using skills in custom agents
Reference skills by name in an agent's configuration. Skills loaded from any source are available to any agent — they are resolved by name at runtime.
When creating a custom agent file, you can note in the system prompt which skills the agent relies on. The skill content is injected by CyberStrike automatically based on the agent's `skills` array (set via code for built-in agents) or available skill context.
For custom agents defined as `.md` files, all loaded skills are available as reference context that the agent can invoke via the `skill` tool when permitted.