// Use when the user asks for a security review of a pull request, commit, branch diff, working-tree patch, or other Git-backed change set.
| name | security-diff-scan |
| description | Use when the user asks for a security review of a pull request, commit, branch diff, working-tree patch, or other Git-backed change set. |
| metadata | {"short-description":"Run security diff scan"} |
Used when a user wants to review a Git-backed change set for security regressions. Keep the scan phases separate and produce final HTML and markdown reports.
Keep these phases distinct and run them in linear order:
$threat-model$finding-discovery$validation$attack-path-analysisTreat this skill as the top-level orchestrator for the four skills plus the final report assembly step. Do not collapse the phases together.
For each phase:
Do not read ahead into later-phase skills until the current phase has completed. Do not amortize effort across phases: complete each phase to the full depth expected by that phase before moving on.
Before substantive scan work, create a Codex goal for the scan if the runtime exposes goal tools and no active goal already covers this scan. The objective should state that the scan must not stop until the resolved diff-scoped files have been covered and the required coverage artifacts prove that closure.
Use objective wording shaped like:
Run the Codex Security diff scan for <resolved target>; do not stop until every diff-scoped file/worklist row has a completion receipt or explicit deferred closure, every candidate has required ledger receipts, and the final report is written.
If a compatible active goal already exists, continue under it instead of creating a duplicate. If goal tools are unavailable, state the same coverage objective in the first visible scan update and continue.
Do not mark the goal complete until:
deep_review_input.csv row has a completion receipt in work_ledger.jsonl, or an explicit deferred, not_applicable, or suppressed closure with exact reasonThe path references in this skill are the default locations for this phase.
If the user explicitly provides a different path for a required input or output, use the user-provided path instead of the corresponding default path referenced in this skill.
If a required input is still missing, stop and ask the user for it before continuing.
Use the shared scan artifact path conventions in ../../references/scan-artifacts.md.
Follow this plan in order. Do not skip ahead to a later phase until the current phase has produced its intended output.
repo_name, security_scans_dir, scan_id, scan_dir, and artifacts_dir using ../../references/scan-artifacts.md.Goal Setup.$threat-model first.$finding-discovery as the second step, against the resolved diff and using the per-scan threat model as context.$validation as the third step, for each candidate that came out of discovery.findings/<candidate_id>/candidate_ledger.jsonl is part of the validation input. Every candidate finding that came out of discovery must have a discovery receipt before validation starts and a validation receipt before the scan can proceed to final reporting.$attack-path-analysis as the fourth step, for findings that still need reportability, attack-path, and severity analysis after validation.findings/<candidate_id>/candidate_ledger.jsonl is part of the attack-path input. Every candidate finding that reaches attack-path analysis must have an attack-path receipt before final reporting, even when the final decision is ignore, suppressed, or deferred.../../references/final-report.md and the outputs of the earlier phases: finding discovery plus each candidate finding's validation and attack-path reports.AGENTS.md.Treat this asymmetry as intentional:
Resolve the exact Git-backed diff before starting:
HEADUse ../security-scan/references/scan-artifacts-and-ledger.md for the shared scoped file-review, candidate-ledger, subagent, and dedupe rules.
Diff scans should:
rank_input.csv deterministically from changed source-like files with python3 <plugin_dir>/scripts/generate_rank_input.py make-diff-rank-input --repo <repo_root> --base <base> --mode revisions --head <head> --out <artifacts_dir>/rank_input.csv for PR, commit, and branch diffs, or python3 <plugin_dir>/scripts/generate_rank_input.py make-diff-rank-input --repo <repo_root> --base <base> --mode local-patch --out <artifacts_dir>/rank_input.csv for a local patchdeep_review_input.csv with python3 <plugin_dir>/scripts/generate_rank_input.py copy-deep-review-input --rank-input <artifacts_dir>/rank_input.csv --out <artifacts_dir>/deep_review_input.csvdeep_review_input.csvFor PR, commit, branch, and local-patch scans, stay diff-focused but preserve repeated vulnerable instances that are created or affected by the same changed pattern.
Diff scans should:
This keeps diff scans precise while avoiding the common failure mode where one representative route or sink hides additional vulnerable siblings introduced by the same patch.
Assemble the final markdown report, final HTML report, and Codex app review directives using ../../references/final-report.md. Commit scans use this same final-output contract because they are a diff-scan target type.
Read ../../references/shared-hard-rules.md before applying scan-mode-specific hard rules.
Goal Setup closure criteria.deep_review_input.csv row has a completion receipt in work_ledger.jsonl.Create a persistent HeyGen avatar — a reusable face + voice identity for the agent, the user, or any named character — powered by HeyGen Avatar V technology. Prompt-based creation by default (description → HeyGen builds it); photo upload is optional for real-person digital twins. Use when: (1) giving the agent a face + voice so it can present videos ("bring yourself to life", "create your avatar", "give yourself an avatar", "design a presenter", "set up an avatar", "let's make an avatar"), (2) the user wants to appear in videos as themselves ("create my avatar", "I want my face in a video", "digital twin of me", "build me an avatar"), (3) building a named character presenter ("create an avatar called Cleo", "design a character named X"), (4) establishing HeyGen identity before making videos — the correct FIRST step when no avatar exists yet. Chain signal: when the user says both an identity/avatar action AND a video action in the same request ("create an avatar AND make a video", "set up identity THEN create
Generate HeyGen presenter videos via the v3 Video Agent pipeline — handles Frame Check (aspect ratio correction), prompt engineering, avatar resolution, and voice selection. Required for any HeyGen video generation. Replaces deprecated endpoints with v3. Use when: (1) generating any HeyGen video (via API or otherwise), (2) sending a personalized video message (outreach, update, announcement, pitch, knowledge), (3) creating a HeyGen presenter-led explainer, tutorial, or product demo with a human face, (4) "make a video of me saying...", "send a video to my leads", "record an update for my team", "create a video pitch", "make a loom-style message", "I want to appear in this video", "generate a HeyGen video", "make a talking head video". Accepts avatar_id from heygen-avatar for identity-first HeyGen videos, or uses a stock presenter. Returns video share URL + HeyGen session URL for iteration. Chain signal: when the user wants to create/design an avatar AND make a video in the same request, run heygen-avatar firs
Route web data visualization work. Use when the user needs chart choice, visual critique, dashboards, maps or geospatial views, Gantt timelines, UML/software diagrams, scrollytelling, reports or exports, testing, accessibility, browser implementation, or concept-first visual design.
Use when Codex is already in the attack-path-analysis phase of a security scan or the user explicitly asks to trace a security finding from source to sink and calibrate severity. Do not use as the primary trigger for full PR, commit, branch, patch, or repository scans.
Use when the user asks for a deep, exhaustive, multi-pass, or variance-reducing repository-wide Codex Security scan. Run repeated independent repository-wide discovery passes with worker-specific threat models, semantically merge candidates, synthesize one canonical validation threat model, then run validation, attack-path analysis, and final reporting once. Repository-wide targets only; do not use for PRs, commits, branch diffs, working-tree diffs, or scoped paths.
Use when Codex is already in the finding-discovery phase of a security scan or the user explicitly asks to discover candidate security findings in a repository or code change. Do not use as the primary trigger for full PR, commit, branch, patch, or repository scans.