Overview
Decepticon agents don’t operate from hardcoded playbooks. They draw from a skill system — a curated library of offensive techniques organized by kill chain phase and tagged with MITRE ATT&CK identifiers.Progressive Disclosure
Skills use a progressive loading architecture to keep agent context windows clean:- Initial load — Only skill frontmatter (name, description, ATT&CK tags, phase) is loaded
- On-demand — When an agent selects a skill, the full content is loaded via
read_file() - Clean context — Agents only carry the detail they need for their current objective
This prevents context bloat. An agent working on initial access doesn’t need the full content of lateral movement techniques — just their existence and metadata.
Skill Categories
Skills are organized by agent role, not by a single kill-chain dimension. This lets the orchestrator load only the skills relevant to the specialist it is dispatching, while still covering the full attack lifecycle. The library currently ships these categories:
The vulnresearch plugin’s stage agents (
scanner, detector, verifier, patcher, exploiter) draw their skill catalog from a separate plugins/ tree when the bundle is loaded.
The progressive-disclosure loader filters this catalog by ATT&CK overlap with the active threat profile — out-of-profile skills are kept off the agent’s working set entirely.
Skillogy: Graph-Backed Skill Resolver
The catalog above is the source of truth on disk. The catalog the agent actually queries lives in a separate Neo4j-backed graph owned by a standalone Skillogy service. Why a graph and not justread_file() against a directory tree?
- Skills reference each other —
kerberoastingbuilds onad-reconand chains intoticket-forging. A graph lets the agent jump along those edges. - Filtering by ATT&CK ID, tag, subdomain, or tactic ID needs index lookups that walking the filesystem can’t answer cheaply.
- Multiple agents read concurrently; the graph centralizes consistency and avoids races on file caches.
9100 inside the management network) with three agent-facing tools, all of them thin REST clients exposed through SkillogyMiddleware:
Hard ACL (ADR-0008)
Skillogy isn’t a flat catalog. Each agent role only sees the slice the orchestrator wants it to see — thead_operator should not be browsing contracts/ skills, the contract_auditor should not be reading ad/. ADR-0008 wires this as a hard ACL rather than a soft convention: every Skillogy call carries an allowed_path_prefixes parameter (e.g. ["skills/standard/ad/", "skills/shared/"]) and the service rejects anything outside those prefixes at the query layer. Cross-role reads only succeed when the requested skill lives under skills/shared/.
The ACL is set by the agent factory (not the model), so a specialist can’t be talked into widening it via prompt injection.
How the file catalog and the graph stay in sync
The on-disk skill files remain the source of truth. The Skillogy service ingests them at container start (or via an explicit rebuild call) and projects them into Neo4j as:Skill nodes connected by typed edges derived from frontmatter. To add a skill: drop a SKILL.md into the right category directory, rebuild the graph, and it shows up to every agent whose ACL allows that prefix.
MITRE ATT&CK Integration
ATT&CK mapping is woven into every layer of Decepticon — not added after the fact:Objectives
Each OPPLAN objective carries
mitre technique IDs (e.g., T1190, T1003.001).Skills
ATT&CK techniques declared in skill frontmatter, displayed inline in the agent’s skill catalog.
Threat Actors
ConOps defines
initial_access and ttps as ATT&CK IDs, modeling specific adversary profiles.Skill Frontmatter Example
Each skill is a directory containing aSKILL.md (frontmatter + body) and optional references/, scripts/, and assets/ subdirectories.
Multi-Model Routing
Learn how different agent roles are routed to optimal model tiers.
