pt-post-exploitation

Performs authorized post-exploitation activities to assess impact, lateral movement paths, credential exposure, and detection gaps after initial compromise. Use when a foothold has been validated and the test requires controlled impact expansion analysis.

90

1.63x
Quality: 85% (Does it follow best practices?)

Impact: 100%, 1.63x (Average score across 3 eval scenarios)

Security by Snyk: Advisory

Suggest reviewing before use

Quality

Discovery

85%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted description that clearly defines a specific phase of penetration testing (post-exploitation) with concrete activities and an explicit 'Use when' trigger clause. Its main weakness is that the trigger terms lean toward specialized jargon, which could miss some natural user phrasings like 'pivoting', 'privilege escalation', or 'red team' activities.

Suggestions

Add common user-facing synonyms and variations such as 'pivoting', 'privilege escalation', 'persistence mechanisms', 'pentest', 'red team', or 'internal network movement' to improve trigger term coverage.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'assess impact', 'lateral movement paths', 'credential exposure', and 'detection gaps'. These are distinct, well-defined post-exploitation activities. | 3 / 3 |
| Completeness | Clearly answers both what ('assess impact, lateral movement paths, credential exposure, and detection gaps') and when ('when a foothold has been validated and the test requires controlled impact expansion analysis') with an explicit 'Use when' clause. | 3 / 3 |
| Trigger Term Quality | Includes relevant domain terms like 'post-exploitation', 'lateral movement', 'credential exposure', 'foothold', and 'initial compromise', but these are somewhat specialized. Missing common user variations like 'privilege escalation', 'pivoting', 'persistence', 'pentest', or 'red team'. | 2 / 3 |
| Distinctiveness Conflict Risk | Occupies a clear niche in post-exploitation specifically, distinct from initial exploitation, reconnaissance, or vulnerability scanning skills. The trigger condition of 'foothold has been validated' clearly scopes when this skill applies versus other penetration testing phases. | 3 / 3 |

Total: 11 / 12 (Passed)

Implementation

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, concise skill that clearly defines the post-exploitation workflow with appropriate safety boundaries and validation steps. Its main weakness is the lack of concrete, actionable examples—specific tools, commands, or technique demonstrations that would make the guidance immediately executable rather than procedural. The output template is a strong addition that gives Claude a clear deliverable format.

Suggestions

Add concrete examples of specific post-exploitation techniques or tool commands (e.g., example credential harvesting checks, specific lateral movement enumeration commands) to improve actionability.

Include at least one worked example showing how a finding flows from technical observation through the output template to demonstrate expected detail level.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is lean and well-structured. It avoids explaining what post-exploitation is or how penetration testing works—concepts Claude already knows. Every section serves a clear purpose with no padding. | 3 / 3 |
| Actionability | The workflow provides clear procedural guidance and the output template is concrete and usable, but the skill lacks specific commands, tools, or executable examples. Steps like 'Privilege escalation feasibility' and 'Lateral movement paths through trust relationships' are directional rather than concrete—no specific techniques, tool invocations, or example commands are provided. | 2 / 3 |
| Workflow Clarity | The workflow is clearly sequenced from scope confirmation through cleanup/rollback with explicit validation checkpoints. Step 1 establishes boundaries, step 4 evaluates detection, and step 5 includes verification that the environment returns to expected state—a proper feedback/validation loop for a potentially destructive operation. | 3 / 3 |
| Progressive Disclosure | For a skill of this size and scope, the content is well-organized into logical sections (objectives, workflow, output template, quality checks) without being monolithic. No unnecessary nesting or external references are needed given the content volume. | 3 / 3 |

Total: 11 / 12 (Passed)

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: santosomar/ethical-hacking-agent-skills (Reviewed)
