Menu
Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.
Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations including Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Detects attack vectors where attacker-controlled input reaches AI agents running in CI/CD pipelines, including env var intermediary patterns, direct expression injection, dangerous sandbox configurations, and wildcard user allowlists. Use when reviewing workflow files that invoke AI coding agents, auditing CI/CD pipeline security for prompt injection risks, or evaluating agentic action configurations.
Clarify requirements before implementing. Use when serious doubts arise.
Scans Algorand smart contracts for 11 common vulnerabilities including rekeying attacks, unchecked transaction fees, missing field validations, and access control issues. Use when auditing Algorand projects (TEAL/PyTeal).
Prepares codebases for security review using Trail of Bits' checklist. Helps set review goals, runs static analysis tools, increases test coverage, removes dead code, ensures accessibility, and generates documentation (flowcharts, user stories, inline comments).
Scans Cairo/StarkNet smart contracts for 6 critical vulnerabilities including felt252 arithmetic overflow, L1-L2 messaging issues, address conversion problems, and signature replay. Use when auditing StarkNet projects.
Systematic code maturity assessment using Trail of Bits' 9-category framework. Analyzes codebase for arithmetic safety, auditing practices, access controls, complexity, decentralization, documentation, MEV risks, low-level code, and testing. Produces professional scorecard with evidence-based ratings and actionable recommendations.
| name | audit-context-building |
| description | Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding. |
This skill governs how Claude thinks during the context-building phase of an audit.
When active, Claude will:
This skill defines a structured analysis format (see Example: Function Micro-Analysis below) and runs before the vulnerability-hunting phase.
Use when:
Do not use for:
When active, Claude will:
Goal: deep, accurate understanding, not conclusions.
| Rationalization | Why It's Wrong | Required Action |
|---|---|---|
| "I get the gist" | Gist-level understanding misses edge cases | Line-by-line analysis required |
| "This function is simple" | Simple functions compose into complex bugs | Apply 5 Whys anyway |
| "I'll remember this invariant" | You won't. Context degrades. | Write it down explicitly |
| "External call is probably fine" | External = adversarial until proven otherwise | Jump into code or model as hostile |
| "I can skip this helper" | Helpers contain assumptions that propagate | Trace the full call chain |
| "This is taking too long" | Rushed context = hallucinated vulnerabilities later | Slow is fast |
Before deep analysis, Claude performs a minimal mapping:
This establishes anchors for detailed analysis.
Every non-trivial function receives full micro analysis.
For each function:
Purpose
Inputs & Assumptions
Outputs & Effects
Block-by-Block / Line-by-Line Analysis For each logical block:
Apply per-block:
(Full Integration of Jump-Into-External-Code Rule)
When encountering calls, continue the same micro-first analysis across boundaries.
Case A — External Call to a Contract Whose Code Exists in the Codebase Treat as an internal call:
Case B — External Call Without Available Code (True External / Black Box) Analyze as adversarial:
Treat the entire call chain as one continuous execution flow. Never reset context. All invariants, assumptions, and data dependencies must propagate across calls.
See FUNCTION_MICRO_ANALYSIS_EXAMPLE.md for a complete walkthrough demonstrating:
This example demonstrates the level of depth and structure required for all analyzed functions.
When performing ultra-granular analysis, Claude MUST structure output following the format defined in OUTPUT_REQUIREMENTS.md.
Key requirements:
Quality thresholds:
Before concluding micro-analysis of a function, verify against the COMPLETENESS_CHECKLIST.md:
Analysis is complete when all checklist items are satisfied and no unresolved "unclear" items remain.
After sufficient micro-analysis:
State & Invariant Reconstruction
Workflow Reconstruction
Trust Boundary Mapping
Complexity & Fragility Clustering
These clusters help guide the vulnerability-hunting phase.
(Anti-Hallucination, Anti-Contradiction)
Claude must:
Never reshape evidence to fit earlier assumptions. When contradicted:
Periodically anchor key facts Summarize core:
Avoid vague guesses Use:
Cross-reference constantly Connect new insights to previous state, flows, and invariants to maintain global coherence.
Claude may spawn subagents for:
Use the function-analyzer agent for per-function deep analysis.
It follows the full microstructure checklist, cross-function flow
rules, and quality thresholds defined in this skill, and enforces
the pure-context-building constraint.
Subagents must:
This skill runs before:
It exists solely to build:
While active, Claude should NOT:
This is pure context building only.
