Files
Anthropic-Cybersecurity-Skills/skills/red-teaming-llms-with-garak/references/api-reference.md
T
mukul975 8cae0648ec Add 55 new skills across 3 new domains + 6 undercovered areas (762 -> 817)
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):

- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
  prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
  invocation, guardrails, model/data poisoning, system-prompt leakage,
  embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
  malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
  Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
  shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
  Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration

Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
2026-06-22 19:08:16 +02:00

3.0 KiB

garak CLI Reference

Source: https://github.com/NVIDIA/garak and https://reference.garak.ai/en/latest/cliref.html

Invocation

python -m garak <options>
# or the console script
garak <options>

Core flags

Flag Description Example
--target_type (alias --model_type) Generator family / interface --target_type openai
--target_name (alias --model_name) Specific model name --target_name gpt-4o-mini
--probes, -p Comma-separated probe spec; module or module.Class --probes promptinject,dan.Dan_11_0
--detectors, -d Override detectors --detectors mitigation.MitigationBypass
--generations, -g Completions generated per prompt --generations 5
--parallel_attempts Parallel probe attempts (throughput) --parallel_attempts 8
--report_prefix Prefix for output report files --report_prefix baseline
--config Load a YAML/JSON run config --config assessment.yaml
-G / --generator_option_file JSON file with generator options (REST etc.) -G rest.json
--generator_options Inline JSON generator options
--list_probes Print all probes and exit
--list_detectors Print all detectors and exit
--list_generators Print all generator types and exit
--list_buffs Print prompt-mutating buffs
--version Print version
--verbose, -v Increase logging

Common target_type values

Value Target
huggingface Local Hugging Face model
openai OpenAI / OpenAI-compatible API (uses OPENAI_API_KEY)
rest Arbitrary HTTP endpoint via JSON spec
ggml / nim / replicate / cohere / bedrock Other hosted/local backends

REST generator JSON spec keys

Key Meaning
uri Endpoint URL
method HTTP method (post)
headers Request headers (supports $ENV_VAR)
req_template_json_object Request body with $INPUT placeholder
response_json true if response is JSON
response_json_field JSONPath to extract the model output

Output artifacts

File Content
<prefix>.report.jsonl Line-delimited record of every attempt, generation, and detector verdict
<prefix>.report.html Human-readable scorecard
<prefix>.hitlog.jsonl Confirmed successful attacks (evidence)
garak.log Debug log

Example runs

# Enumerate
garak --list_probes

# Local HF model, single jailbreak probe
python -m garak --target_type huggingface --target_name gpt2 --probes dan.Dan_11_0

# Hosted API, injection + leakage suite
export OPENAI_API_KEY="sk-..."
python -m garak --target_type openai --target_name gpt-4o-mini \
  --probes promptinject,latentinjection,leakreplay \
  --generations 5 --parallel_attempts 8 --report_prefix assessment

# Arbitrary REST endpoint
python -m garak --target_type rest -G rest.json --probes promptinject,dan