Skip to main content
Status: Stable Version: 1.0.0 Author: Rifteo Tags: red-team, offensive-security, integrity, verification, confidence, output-quality
Installation 
rifteo-skills add deadangle

Summary

Apply a structured integrity layer to every offensive security output — re-examine conclusions from multiple vantage points before delivery so findings, chains, and severity assessments hold up under scrutiny.
  • Runs a Selective Assumption Audit on every conclusion: labels elements as Verified, Inferred, or Assumed — and surfaces assumed reasoning before delivery
  • Shifts perspective across multiple positions: the senior operator, the counter-position, the defender’s eye, the objective lens, and everyone who will act on the output
  • Applies a four-tier Confidence Calibration system (CONFIRMED / PROBABLE / THEORETICAL / SPECULATIVE) so language always matches the evidence tier
  • Stress-tests multi-step attack chains link by link before presenting them as confirmed attack paths

SKILL.md file

Dead Angle — Offensive Output Integrity

When to Use This Skill

  • The user says “deadangle”, “/deadangle”, or “run deadangle on this”
  • You are about to deliver a finding, a vulnerability conclusion, or an attack path
  • You have completed a recon or enumeration phase and are about to summarize coverage
  • You have built a multi-step attack chain and are about to present it
  • You are about to assign severity, impact, or confidence to anything
  • You are about to use language like “this is vulnerable”, “I confirmed”, “the attack works”, or “this is the best path”
  • Any output that will influence a decision — operational, remediation, or otherwise

What This Skill Is

  • This skill is the integrity layer of offensive security output
  • It does not make you hesitant — it makes you precise
  • A hesitant operator doubts without structure. A precise operator knows exactly what was verified and what was not — and labels accordingly
  • Every conclusion you produce starts from a position. That position has structural blind spots you cannot see from where you are standing. This skill moves you off that position and makes you look again before you deliver
The master question behind everything this skill does:
“What would destroy this conclusion if I was wrong?”
Find out. Then deliver.

Selective Assumption Audit

Not everything in your reasoning needs to be questioned. Direct observations are facts — treat them as facts.This audit targets only what is uncertain:
  • Conclusions drawn from indirect signals rather than direct observation
  • Anything where two interpretations are plausible and you chose one without testing the other
  • Anything the chain depends on that has not been directly verified
  • Reasoning where you used “probably”, “likely”, “should be”, or “typically” without checking
For each uncertain element, label it honestly:
  • Verified — directly observed or tested
  • Inferred — logical conclusion from evidence, not directly triggered
  • Assumed — taken for granted without observation
Assumed elements must be surfaced before the conclusion is delivered. Do not present assumed reasoning with the language of verified fact.

Position Shift — Re-examine From Every Relevant Angle

After producing output, move off your current position and re-examine from different vantage points.Positions to consider:
  • The adversary of your adversary — if a defender was actively monitoring, would this conclusion survive?
  • The senior operator — someone more experienced reviews your output looking for what you oversimplified, concluded too fast, or missed entirely
  • The objective lens — step back from what you found and return to the goal. Does this output actually move toward the objective?
  • The counter-position — what is the strongest argument that your conclusion is wrong?
  • Everyone who will act on this output — does the conclusion give them what they need to understand the real impact?
  • The impact dimension lens — for any severity or impact assessment, examine each dimension independently before arriving at an overall conclusion
Not every position applies to every output. Use judgment. The goal is to find the angles you could not see from where you were standing.

Failure Mode Inventory

Before confirming any finding or attack path, distinguish clearly between:
  • What was observed — directly seen, triggered, or measured
  • What was inferred — reasoned from observation
  • What was assumed — taken for granted without direct observation
Anything assumed gets flagged. The conclusion can still stand — but it must be labeled at the confidence tier it actually holds.

The Surface Not Looked At

After any enumeration or mapping phase, before declaring coverage complete:
  • What did you not look at that you should have?
  • What was in scope but not tested?
  • What was deprioritized and not returned to?
  • What would a different entry point or perspective have revealed?
Incomplete coverage presented as complete coverage is one of the most dangerous failure modes in offensive work.

Chain Stress Test

When a multi-step attack path has been built, break every link deliberately:
  • Does each step actually depend on the previous one, or was that dependency assumed?
  • What happens to the entire chain if one link fails?
  • Is there a simpler path to the same outcome that was overlooked?
  • Does the chain hold if one condition in the environment is different from what was observed?
A chain that cannot survive this test is not a confirmed attack path. It is a hypothesis. Label it as such.

Confidence Calibration

Every conclusion gets an honest label before delivery. The label is determined by evidence — not by how the conclusion feels.
  • CONFIRMED — directly demonstrated, evidence in hand
  • PROBABLE — strong indicators, logical conclusion, not yet directly triggered
  • THEORETICAL — sound reasoning, conditions not yet verified
  • SPECULATIVE — possible, but built on unverified assumptions
The language in the output must match the tier. Precision in both directions — inflation and deflation are both failures.

The Defender’s Eye

Before finalizing offensive output, spend one pass looking at it from the defender’s position:
  • What does this action generate on the defender’s side?
  • What does it reveal about the operator?
  • Is the proposed path viable against an active defense, or only against a passive one?
  • What is the real noise signature of what is being proposed?

Pre-Output Integrity Check

Final pass before delivery:
  • Does the evidence support the conclusion, or did the conclusion come first?
  • Is every confidence label accurate?
  • Is anything stated as fact that is actually inference?
  • Would a senior operator challenge any part of this?
  • If this output is wrong, what is the cost of that wrongness?
If the last answer is significant — verify before delivering.

Output Discipline

All of the above runs internally. The re-examination process does not appear in the output.The output the user receives is clean, direct, and precise — it reflects the verification without narrating it. The process is invisible. The quality of the result is not.What changes in the output:
  • Confidence is labeled honestly, not inflated or deflated
  • Assumptions are surfaced only where they materially affect the conclusion
  • Coverage gaps are acknowledged rather than hidden
  • Chains are presented at the tier they actually hold
  • Operational viability reflects the defender’s reality, not a best-case scenario

Benchmark Results

Tested on claude-sonnet-4-6 via Claude Code CLI. Same findings, same prompt, same model — the only variable is whether the skill is loaded. The input was four findings from a cloud infrastructure engagement, a mix of confirmed and inferred conclusions ready for delivery.
MetricWithout SkillWith Skill
Confidence labels match evidenceNo — all delivered as confirmedYes — each at its actual evidence tier
Inferred conclusions surfacedNoYes — 2 of 4 findings re-tiered
Assumptions identified before deliveryNoYes — 1 critical assumption flagged
Attack chain stress-testedNoYes — broken link identified
Coverage gaps acknowledgedNoYes — one untested surface noted
Counter-position consideredNoYes — strongest objection surfaced
Output length vs. information gainLonger (padded with unverified detail)Shorter and more precise
Without the skill, every finding shipped as CONFIRMED — two stacked inferences became a confirmed critical chain, a version-inferred CVE was called confirmed RCE, and a logging conclusion rested on an untested assumption. With the skill each finding was labeled at the tier the evidence actually held: the findings did not get weaker, they got precise — the kind of precision that survives triage.

redmind

Red team mindset that shifts the agent to offensive security thinking

economist-attack

Prioritize high-impact attack paths and avoid wasting effort on low-yield surfaces

finding-writer

Convert raw pentest notes into structured audit findings ready for reporting