CTI Expert

What it does

CTI Expert provides a full cyber threat intelligence and open-source intelligence workflow: multi-vector collection, enrichment, assessment, and report delivery. It exposes 60+ commands for recon (sweep, subdomain, breach-deep), enrichment (branch, timeline, crossref), assessment (exposure, threat-model, validate), and delivery (/report, /brief) with strict output and export rules (MD + DOCX). The skill emphasizes collection method tagging, trust scoring, and ASCII-first visual outputs.

When to use it

Use for investigative tasks requiring automated OSINT pipelines: domain or person reconnaissance, breach analysis, incident triage, vulnerability checks, M365 tenant enumeration, and producing evidence-grade reports. Good for security teams, journalists, and analysts performing due diligence without external paid services.

What's included

• Scripts: repository includes report generation scripts under scripts/ (DOCX hybrid generator, JSON generators) though has_scripts=false in fetch output for this item — still contains substantive tooling and many technique docs.
• References: extensive technique docs, workflows, and architecture references are included.
• Instructions: detailed command reference, lifecycle (Acquire, Enrich, Assess, Deliver), and activation matrices.

Compatible agents

Best for Claude Code-style agents that can run browser fetchers, shell commands, and Python scripts; also usable by other advanced assistants that support script execution and file IO.