This is the source repo for the capabilities Dreadnode publishes to app.dreadnode.io. A capability is a directory — a manifest plus any combination of agents, tools, skills, and MCP servers — that a Dreadnode runtime picks up and loads:
ai-red-teaming/
capability.yaml # manifest
agents/ # markdown prompts
tools/ # python @tool functions
skills/ # SKILL.md packs
- Published —
dn capability install dreadnode/ai-red-teaming(swap in any name fromcapabilities/) - From source —
dn capability install ./capabilities/ai-red-teamingsymlinks the directory into your runtime, so edits go live on reload - From the TUI — start
dn, pressCtrl+P, filter fordreadnode/
dn is the Dreadnode CLI — see getting-started to install and authenticate. Full install reference for capabilities lives at docs.dreadnode.io/capabilities/installing.
Every directory under capabilities/ is a shipped, working example. Read one alongside the docs:
- Concepts and load model
- Manifest reference
- Quickstart — scaffold to running in the TUI in about ten minutes
Every skill in this repo is scanned with cisco-ai-defense/skill-scanner for prompt injection, data exfiltration, tool-chaining abuse, and supply chain risk. CI fails on HIGH+ findings and uploads SARIF reports to GitHub Code Scanning. The repo policy in scan-policy.yaml tunes the scanner for security-focused content.
just security-scan # scan all capabilities
just security-scan web-security # scan one capability
just security-scan behavioral="true" # deep dataflow analysisThis repo is published for reference, not as a contribution target — we don't generally accept external PRs that add new capabilities. See CONTRIBUTING.md for what's useful to send and how to build your own capabilities instead.
Each capability declares its license in its capability.yaml.