agent-bom-analyze
Analyze blast radius, attack paths, and threat landscape across your AI infrastructure. Use when: "blast radius", "threat intel", "risk score", "attack path", "lateral movement", "context graph", "who can reach what".
Best use case
agent-bom-analyze is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Analyze blast radius, attack paths, and threat landscape across your AI infrastructure. Use when: "blast radius", "threat intel", "risk score", "attack path", "lateral movement", "context graph", "who can reach what".
Teams using agent-bom-analyze should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/analyze/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How agent-bom-analyze Compares
| Feature / Agent | agent-bom-analyze | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Analyze blast radius, attack paths, and threat landscape across your AI infrastructure. Use when: "blast radius", "threat intel", "risk score", "attack path", "lateral movement", "context graph", "who can reach what".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# agent-bom-analyze — Blast Radius & Attack Path Analysis
Analyzes blast radius, attack paths, and the threat landscape across your AI
infrastructure. Maps lateral movement risks, identifies high-impact CVEs, and
visualizes agent context graphs.
## Install
```bash
pipx install agent-bom
agent-bom agents --verbose # blast radius detail for each agent
agent-bom agents -f json -o scan.json
agent-bom graph scan.json # export graph from a saved JSON report
```
## When to Use
- "blast radius" / "what's the blast radius"
- "threat intel" / "threat intelligence"
- "risk score" / "risk scoring"
- "attack path" / "attack paths"
- "lateral movement"
- "context graph" / "agent graph"
- "who can reach what"
## Commands
```bash
# Blast radius detail (verbose)
agent-bom agents --verbose
# Generate context graph
agent-bom agents -f json -o scan.json
agent-bom graph scan.json
```
## Tools
| Tool | Description |
|------|-------------|
| `blast_radius` | Map CVE impact chain across agents, servers, and credentials |
| `context_graph` | Agent context graph with lateral movement analysis |
| `analytics_query` | Query vulnerability trends, posture history, and risk scores |
## Examples
```
# Map blast radius of a specific CVE
blast_radius(cve_id="CVE-2024-21538")
# Build full context graph
context_graph()
# Query top CVEs by blast radius impact
analytics_query(query="top_blast_radius", days=30)
```
**Example blast radius output:**
```
CVE-2024-21538 — CRITICAL (CVSS 9.8, EPSS 0.94)
Blast Radius: 4 agents affected
filesystem [direct] langchain 0.1.0 → CVE-2024-21538
└─ github [indirect] shares filesystem credential scope
└─ slack [indirect] accessible via filesystem tool call
postgres [direct] langchain 0.1.0 → CVE-2024-21538
Recommended: Update langchain to ≥ 0.1.17
```
## Guardrails
- Analysis is read-only — no files are modified.
- Only public CVE IDs are sent externally (to EPSS and vulnerability databases).
- No internal config data, credentials, or agent details leave the machine.
- Present blast radius findings clearly and ask the user whether to generate a remediation plan when CRITICAL CVEs are found.