edit_attacker
Edit an existing attacker in a threat model. Update identity fields with LLM gate, or modify factor fields with required change reason.
Instructions
Edit an existing attacker. Only provided fields changed.
The composed likelihood is server-derived from the factor
fields; to change the rating, set factor values and supply
change_reason for the audit trail.
LLM-gated on identity-bearing fields (capability, archetype, position). Factor and trust_boundary edits skip the gate.
503 on evaluator outage, 502 on malformed response, 400 when
factor fields are sent without change_reason.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| model_id | Yes | ID of the threat model. | |
| position | No | New position (optional). | |
| archetype | No | New archetype (optional). | |
| capability | No | New capability (optional). | |
| attacker_id | Yes | ID of the attacker (e.g., "T1"). | |
| attack_vector | No | "Network" | "Adjacent" | "Local" | "Physical". | |
| change_reason | No | Required when any factor field is supplied — documents the operator override of LLM-generated factors. | |
| server_version | Yes | ||
| user_interaction | No | "None" | "Required". | |
| attack_complexity | No | "Low" | "High". | |
| trust_boundary_ids | No | Comma-separated trust boundary IDs (replaces existing). | |
| privileges_required | No | "None" | "Low" | "High". | |
| likelihood_rationale | No | New rationale (optional). | |
| capability_prevalence | No | "Commodity" | "Targeted" | "Rare". |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||