rtexit-method 0.1.0 → 0.1.2

package/packaged-assets/.agents/skills/rt-exploit-physical/SKILL.md

@@ -0,0 +1,63 @@
+---
+name: rt-exploit-physical
+description: "Physical security assessment skill for authorized facility walkthroughs, access-control review, visitor process evaluation, tailgating simulation, evidence handling, and remediation."
+---
+
+# rt-exploit-physical - Physical Security Assessment
+
+> Physical testing requires explicit SEAD authorization, site contacts, safety rules, local legal awareness, and stop conditions. Never create unsafe conditions or bypass life-safety systems.
+
+## Overview
+
+Physical security testing evaluates whether people, process, and facility controls protect sensitive areas and assets. This skill focuses on structured observation, approved simulation, and process improvement.
+
+## Prerequisites
+
+- Approved locations and test windows.
+- Approved techniques and prohibited areas.
+- Emergency contact and stop phrase.
+- Badge/visitor policy expectations.
+- Photography and recording rules.
+- Local safety requirements.
+
+## Test Areas
+
+| Area | Control Questions |
+|---|---|
+| Reception | Are visitors verified, logged, and escorted? |
+| Badge Control | Are badges visible, unique, and challenged? |
+| Tailgating | Do employees challenge unknown persons? |
+| Sensitive Rooms | Are server rooms and storage areas access-controlled? |
+| Deliveries | Are delivery paths separated from secure areas? |
+| Disposal | Are documents/media disposed securely? |
+| CCTV/Alarms | Are monitoring and response processes defined? |
+
+## Workflow
+
+1. Confirm site briefing and safety constraints.
+2. Perform walkthrough and map control points.
+3. Execute only approved simulations.
+4. Document observations with timestamps and location.
+5. Debrief client promptly if sensitive weakness is observed.
+6. Convert observations into findings and remediation roadmap.
+
+## Evidence
+
+Use approved photos, access logs provided by client, observation notes, and post-test interviews. Avoid publishing employee names unless required and authorized.
+
+## Remediation
+
+- Visitor verification and escort process.
+- Anti-tailgating awareness.
+- Badge challenge culture.
+- Sensitive room access reviews.
+- Secure disposal bins and clean desk policy.
+- Delivery and contractor handling process.
+- Physical incident reporting channel.
+
+## Autodoc
+
+```bash
+python _rtexit/scripts/autodoc_engine.py log --skill rt-exploit-physical --phase exploitation --cmd "physical assessment observation" --output "redacted observation summary"
+```
+

package/packaged-assets/.agents/skills/rt-exploit-physical/workflow.md

@@ -0,0 +1,68 @@
+# Workflow - rt-exploit-physical
+
+## Purpose
+
+This workflow standardizes how $skill is executed inside RTExit. It is designed for authorized engagements, evidence-first documentation, and consistent handoff into reporting.
+
+## Authorization Gate
+
+Before execution, confirm:
+
+- SEAD exists and explicitly covers the target asset or activity.
+- Rules of Engagement define allowed techniques, rate limits, and stop conditions.
+- The operator knows the evidence handling rules.
+- Any active or sensitive validation has client approval.
+
+If any item is unclear, pause and invoke 
+
+## Required Inputs
+
+| Input | Source | Notes |
+|---|---|---|
+| Engagement reference | _rtexit/config.toml or SEAD | Used in output names. |
+| Target asset(s) | Scope document | Must be explicitly approved. |
+| Operator name | Config/user context | Used in timeline entries. |
+| Evidence directory | _rtexit-output/docs/evidence/ | Store logs, screenshots, and artifacts. |
+| Finding tracker | _rtexit-output/docs/findings/ | Create/update findings when confirmed. |
+
+## Execution Steps
+
+1. Load current engagement configuration.
+2. Read scope, exclusions, and current findings.
+3. Build a small test plan for this skill with target, expected control, and evidence type.
+4. Run the lowest-risk validation first.
+5. Capture baseline behavior before proof behavior.
+6. Record exact timestamp, account/role used, and affected asset.
+7. Stop when evidence is sufficient; avoid unnecessary data access.
+8. Create or update findings through the RTExit finding tracker.
+9. Map remediation owner and recommended timeline.
+10. Add a timeline entry and evidence chain entry.
+
+## Evidence Requirements
+
+| Evidence | Required? | Notes |
+|---|---|---|
+| Command or action summary | Yes | Redact secrets and tokens. |
+| Screenshot or transcript | If useful | Store under evidence folder. |
+| Request/response pair | For web/API | Redact cookies and bearer tokens. |
+| Config excerpt | For cloud/infra | Include only relevant lines. |
+| Business impact note | Yes | Explain why it matters. |
+
+## Autodoc Commands
+
+`ash
+python _rtexit/scripts/autodoc_engine.py log --skill rt-exploit-physical --phase auto --cmd "workflow execution" --output "summary"
+python _rtexit/scripts/finding_tracker.py list
+`
+
+## Completion Criteria
+
+- Scope and authorization are referenced.
+- Evidence is stored and redacted.
+- Findings are added or explicitly marked as not found.
+- Remediation guidance is actionable.
+- Timeline and chain of custody are updated where applicable.
+
+## Handoff
+
+Send confirmed findings to 

package/packaged-assets/.agents/skills/rt-exploit-postgresql/SKILL.md

@@ -0,0 +1,67 @@
+---
+name: rt-exploit-postgresql
+description: "PostgreSQL security assessment skill for authorized configuration review, role/privilege analysis, extension risk, schema permissions, application query review, and remediation."
+---
+
+# rt-exploit-postgresql - PostgreSQL Assessment
+
+## Overview
+
+PostgreSQL risk centers on role inheritance, overly broad schema permissions, unsafe extensions, exposed administrative ports, weak `pg_hba.conf` policy, and application injection. This skill structures safe validation.
+
+## Prerequisites
+
+- In-scope database or application endpoint.
+- Approved account and role.
+- Read/write boundaries.
+- Permission to inspect configuration where available.
+
+## Assessment Areas
+
+| Area | Checks |
+|---|---|
+| Exposure | Listener address, firewall, cloud security groups. |
+| Authentication | `pg_hba.conf` intent, password methods, SSO/IAM integration. |
+| Roles | Inheritance, superuser, createdb, createrole, replication. |
+| Schemas | Public schema permissions, default privileges. |
+| Extensions | Unneeded or risky extensions. |
+| Transport | TLS and certificate verification. |
+| App Layer | Parameterization and ORM escape hatches. |
+
+## Workflow
+
+1. Confirm scope and account role.
+2. Inventory version, roles, schemas, and extensions.
+3. Review public schema and default permissions.
+4. Validate injection or privilege concerns with harmless test queries.
+5. Map business impact to data classes and application features.
+6. Recommend role redesign and query fixes.
+
+## Evidence
+
+Use role summaries, schema permission snippets, redacted screenshots, and paired app requests. Avoid broad table exports.
+
+## Remediation
+
+- Remove unnecessary superuser/createrole rights.
+- Lock down public schema.
+- Use parameterized queries.
+- Enforce TLS.
+- Review extensions.
+- Separate migration/admin/application roles.
+
+
+## Finding Examples
+
+| Finding | Severity Driver |
+|---|---|
+| Application role owns schema | Integrity and privilege risk. |
+| Public schema writable | Object shadowing and data integrity risk. |
+| No TLS for remote DB access | Credential and data interception risk. |
+| Unsafe query construction | Injection and data access risk. |
+
+## Autodoc
+
+```bash
+python _rtexit/scripts/autodoc_engine.py log --skill rt-exploit-postgresql --phase exploitation --cmd "PostgreSQL posture review" --output "redacted database risk summary"
+```