Skills System
The skills system organizes 24 domain-specific skill suites, each containing markdown instructions (SKILL.md) and executable Python scripts. Skills are how Forge encodes offensive methodology -- each suite captures the knowledge of seasoned operators in a format the AI can load and execute.
SKILL.md Structure
Every skill suite is defined by a SKILL.md file in .claude/skills/<suite-name>/. These files use frontmatter for metadata and markdown for instructions.
---
name: webapp-exploit-hunter
description: Automated web application vulnerability scanner and exploit generator
category: exploitation
scripts:
- crawler.py
- sqli_tester.py
- xss_tester.py
- ssrf_tester.py
- idor_tester.py
- ssti_tester.py
- auth_tester.py
- upload_tester.py
- race_tester.py
- generate_poc.py
- vuln_report.py
---
The markdown body contains the instructions loaded into the agent's prompt when the skill is invoked. It specifies methodology, tool selection logic, and expected outputs.
Skill Suites by Domain
| Domain | Suites |
|---|---|
| Reconnaissance | recon-dominator, domain-assessment, web-application-mapping |
| Web Application | webapp-exploit-hunter, common-appsec-patterns |
| API Security | api-breaker |
| Exploitation | exploitation, vuln-chain-composer, attack-path-architect |
| Post-Exploitation | post-exploitation |
| Cloud | cloud-pivot-finder |
| Evasion | edr-evasion-engine, stealth-execution-engine, anti-forensics-suite |
| Implants | linux-implant-suite, web-implant-factory |
| Phishing | phishing-arsenal |
| Auditing | source-code-auditor, crypto-auditor, ai-threat-testing |
| Automation | pentest, hackerone, improvised, test-detection |
| Support | authenticating, cve-testing, malware-analysis-lab |
Discovery
The SkillTool scans .claude/skills/ recursively and indexes all SKILL.md files. Discovery runs at startup and on-demand. Each skill's metadata (name, category, script list) is cached for fast lookup during engagements.
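The discovery pass described above can be sketched as follows. This is an added example, not Forge's SkillTool code: the function names are hypothetical, the parser handles only the frontmatter subset shown on this page, and the rule that each `scripts` entry must be a bare `.py` file name present in the suite's scripts/ directory is an assumed integrity check.

```python
from pathlib import Path

def parse_frontmatter(text):
    """Parse the subset shown above: 'key: value' lines and '- item' lists."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        raise ValueError("missing opening '---'")
    meta, key = {}, None
    for line in lines[1:]:
        s = line.strip()
        if s == "---":
            return meta
        if s.startswith("- ") and isinstance(meta.get(key), list):
            meta[key].append(s[2:].strip())
        elif ":" in s and not s.startswith("- "):
            key, _, value = (part.strip() for part in s.partition(":"))
            meta[key] = value or []  # an empty value starts a list
        elif s:
            raise ValueError(f"unparseable line: {s!r}")
    raise ValueError("missing closing '---'")

def index_skills(root):
    """Return ({name: metadata}, [problems]) for every SKILL.md under root."""
    index, problems = {}, []
    for skill_md in sorted(Path(root).rglob("SKILL.md")):
        suite = skill_md.parent
        try:
            meta = parse_frontmatter(skill_md.read_text(encoding="utf-8"))
        except ValueError as exc:
            problems.append(f"{suite.name}: {exc}")
            continue
        scripts = meta.get("scripts", [])
        for script in scripts if isinstance(scripts, list) else [scripts]:
            # Assumed policy: entries are bare .py file names inside scripts/.
            if Path(script).name != script or not script.endswith(".py"):
                problems.append(f"{suite.name}: rejected script entry {script!r}")
            elif not (suite / "scripts" / script).is_file():
                problems.append(f"{suite.name}: listed script missing: {script}")
        index[meta.get("name", suite.name)] = meta
    return index, problems

def build_sample(root):
    """Constructed sample: one suite listing a present, a missing and an escaping entry."""
    suite = Path(root) / ".claude" / "skills" / "webapp-exploit-hunter"
    (suite / "scripts").mkdir(parents=True)
    (suite / "scripts" / "crawler.py").write_text("", encoding="utf-8")
    (suite / "SKILL.md").write_text("---\nname: webapp-exploit-hunter\nscripts:\n- crawler.py\n"
                                    "- vuln_report.py\n- ../../outside.py\n---\nBody.\n", encoding="utf-8")
    return suite.parent
```

Calling `index_skills(build_sample(tmpdir))` on an empty temporary directory indexes the one constructed suite and reports two problems: a listed script that is missing on disk and an entry that points outside scripts/.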
Invocation
Two invocation paths:
- Prompt loading. The SKILL.md instructions are loaded into the agent's system prompt, providing specialized methodology for the task at hand.
- Script execution. Python scripts in the skill's scripts/ directory are executed via RedTeamScript, which validates arguments and captures structured output. All 147 scripts are stdlib-only -- no pip dependencies required.
Scripts
Scripts are organized within each suite's scripts/ directory. They follow a consistent interface: CLI arguments for target specification, JSON or structured text output, and exit codes for success/failure signaling. No script compiles or requires external build tools. This ensures instant deployability on any Python 3.8+ environment.