- Home
- Skills
- Pluginagentmarketplace
- Custom Plugin Ai Red Teaming
- Red Team Reporting
red-team-reporting_skill
- Python
1
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill pluginagentmarketplace/custom-plugin-ai-red-teaming --skill red-team-reporting- SKILL.md18.4 KB
Overview
This skill generates professional security assessment reports, executive summaries, detailed finding documentation, compliance mappings, and remediation tracking for red team assessments. It produces stakeholder-ready artifacts that include risk narratives, proof-of-concept evidence, prioritized remediation roadmaps, and exportable tracking items. Reports are tailored for executives, engineers, and compliance teams.
How this skill works
The skill ingests structured assessment data (findings, timelines, evidence, metadata) and assembles a multi-section report: executive summary, detailed findings, methodology, compliance mapping, and remediation roadmap. It formats findings with severity, CVSS, impact, POC, and remediation timelines, maps items to frameworks (OWASP LLM, NIST AI RMF, MITRE), and produces executive, technical, and compliance variants. It also generates remediation dashboards and can export tracking artifacts (JIRA tickets, dashboards) for progress monitoring.
When to use it
- After a red team or AI security assessment to produce stakeholder-ready deliverables
- When you need one‑page executive summaries and detailed technical reports from the same dataset
- To map findings to regulatory or industry frameworks for audits
- To create reproducible finding templates and PoC artifacts for engineering handoff
- When you must track remediation progress and generate tickets for issue management
Best practices
- Collect structured assessment data (metadata, severity, CVSS, PoC, evidence) before report generation
- Use the executive report for leadership and technical reports for engineering handoffs
- Map each finding to at least one compliance control to support audits and regulatory responses
- Include concrete remediation actions with owners, timelines, and verification criteria
- Maintain an evidence bundle (screenshots, logs, payloads) alongside each finding for reproducibility
Example use cases
- One‑page executive summary for board or regulator briefings after an AI model assessment
- Detailed technical report with PoC and remediation code for developer teams
- Compliance mapping report to demonstrate alignment with OWASP LLM, NIST AI RMF, or EU AI Act
- Remediation progress dashboard and JIRA exports to manage fix workflow and SLA reporting
- Finding templates for consistent intake, triage, and tracking across assessments
FAQ
Yes. Findings can embed PoC payloads, request/response logs, screenshots, and video evidence to support reproducibility and validation.
How are severities and response times determined?
Severity is assigned with CVSS ranges and contextual impact (CONFIDENTIAL/INTEGRITY/AVAILABILITY). Standard response windows are defined per severity (e.g., Critical 24h, High 72h) and included in the report.