pt-post-exploitation

Performs authorized post-exploitation activities to assess impact, lateral movement paths, credential exposure, and detection gaps after initial compromise. Use when a foothold has been validated and the test requires controlled impact expansion analysis.

1.63x

Quality

85%

Does it follow best practices?

Impact

100%

1.63x

Average score across 3 eval scenarios

Securityby

Advisory

Suggest reviewing before use

Quality

Content

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, concise skill that clearly defines the post-exploitation workflow with appropriate safety boundaries and validation steps. Its main weakness is the lack of concrete, actionable examples—specific tools, commands, or technique demonstrations that would make the guidance immediately executable rather than procedural. The output template is a strong addition that gives Claude a clear deliverable format.

Suggestions

Add concrete examples of specific post-exploitation techniques or tool commands (e.g., example credential harvesting checks, specific lateral movement enumeration commands) to improve actionability.

Include at least one worked example showing how a finding flows from technical observation through the output template to demonstrate expected detail level.

Dimension	Reasoning	Score
Conciseness	The content is lean and well-structured. It avoids explaining what post-exploitation is or how penetration testing works—concepts Claude already knows. Every section serves a clear purpose with no padding.	3 / 3
Actionability	The workflow provides clear procedural guidance and the output template is concrete and usable, but the skill lacks specific commands, tools, or executable examples. Steps like 'Privilege escalation feasibility' and 'Lateral movement paths through trust relationships' are directional rather than concrete—no specific techniques, tool invocations, or example commands are provided.	2 / 3
Workflow Clarity	The workflow is clearly sequenced from scope confirmation through cleanup/rollback with explicit validation checkpoints. Step 1 establishes boundaries, step 4 evaluates detection, and step 5 includes verification that the environment returns to expected state—a proper feedback/validation loop for a potentially destructive operation.	3 / 3
Progressive Disclosure	For a skill of this size and scope, the content is well-organized into logical sections (objectives, workflow, output template, quality checks) without being monolithic. No unnecessary nesting or external references are needed given the content volume.	3 / 3
	Total	11 / 12 Passed

Description

85%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted description that clearly defines a specific phase of penetration testing (post-exploitation) with concrete activities and an explicit 'Use when' trigger clause. Its main weakness is that the trigger terms lean toward specialized jargon, which could miss some natural user phrasings like 'pivoting', 'privilege escalation', or 'red team' activities.

Suggestions

Add common user-facing synonyms and variations such as 'pivoting', 'privilege escalation', 'persistence mechanisms', 'pentest', 'red team', or 'internal network movement' to improve trigger term coverage.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions: 'assess impact', 'lateral movement paths', 'credential exposure', and 'detection gaps'. These are distinct, well-defined post-exploitation activities.	3 / 3
Completeness	Clearly answers both what ('assess impact, lateral movement paths, credential exposure, and detection gaps') and when ('when a foothold has been validated and the test requires controlled impact expansion analysis') with an explicit 'Use when' clause.	3 / 3
Trigger Term Quality	Includes relevant domain terms like 'post-exploitation', 'lateral movement', 'credential exposure', 'foothold', and 'initial compromise', but these are somewhat specialized. Missing common user variations like 'privilege escalation', 'pivoting', 'persistence', 'pentest', or 'red team'.	2 / 3
Distinctiveness Conflict Risk	Occupies a clear niche in post-exploitation specifically, distinct from initial exploitation, reconnaissance, or vulnerability scanning skills. The trigger condition of 'foothold has been validated' clearly scopes when this skill applies versus other penetration testing phases.	3 / 3
	Total	11 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: santosomar/ethical-hacking-agent-skills
Commit: 9976e81

Reviewed: 2 months ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.