菜单
Use when the user asks for a security review of a pull request, commit, branch diff, working-tree patch, or other Git-backed change set.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Use when the user supplies or imports existing security findings, vulnerability reports, or security/vulnerability Jira/Linear tickets from scanners, advisories, GitHub, Atlassian Rovo, Linear, or similar backlog sources and wants static repo-impact triage. Do not use for discovery, duplicate-bug triage, validation, or fixes.
Boltz CLI setup and auth. Use when installing, updating, verifying, or authenticating `boltz-api`, or fixing missing CLI, PATH, sandbox, browser login, or auth errors.
Design new protein binders with Boltz. Use when generating protein, peptide, antibody, nanobody, or custom binder candidates for a target. Not for screening existing proteins or small molecules.
Use when the user asks for a deep, exhaustive, multi-pass, or variance-reducing repository-wide or scoped-path Codex Security scan. Run repeated independent discovery passes over one resolved scope with worker-specific threat models, semantically merge candidates, synthesize one canonical validation threat model, then run validation, attack-path analysis, canonical JSON completion, and generated reporting once. Do not use for PRs, commits, branch diffs, or working-tree diffs.
Use when Codex is already in the finding-discovery phase of a security scan or the user explicitly asks to discover candidate security findings in a repository or code change. Do not use as the primary trigger for full PR, commit, branch, patch, or repository scans.
Use when the user explicitly asks to fix and verify a validated or plausible security finding. Do not use as the primary trigger for full PR, commit, branch, patch, or repository scans.
| name | security-diff-scan |
| description | Use when the user asks for a security review of a pull request, commit, branch diff, working-tree patch, or other Git-backed change set. |
| metadata | {"short-description":"Run security diff scan","capability-profile":"security_diff_scan"} |
Used when a user wants to review a Git-backed change set for security regressions. Keep the scan phases separate and produce final HTML and markdown reports.
When this skill is the active top-level workflow, use the setup workspace only when the host context explicitly says it is running inside the Codex desktop app and both required setup continuation tools are available. Tool availability alone does not identify the app host. Otherwise, including Codex CLI interactive and headless runs, use the prompt-only terminal/chat workflow: do not call Codex Security app setup tools, ask the user to press Start scan, or wait for an app-generated scanId.
Treat goal creation as scan execution, not setup. In the app setup path, do not create or adopt scan goals before the user presses Start scan, the authoritative scan context has been loaded from a status: "started" wait result or a direct continuation with a scanId, and the capability preflight has returned ready.
For an app continuation that already includes a scanId and optional handoffClaimToken, do not open another workspace: call get_codex_security_scan_context with the scanId, pass its handoffClaimToken when present, route elsewhere only if its validated mode differs, and use its target, diffTarget, optional userContext, and scanDir.
Otherwise, in a host that renders MCP Apps and exposes the Codex Security setup continuation tools:
targetPath, mode: "diff", scope: ".", user-supplied security focus as userContext, and diffTarget only when the prompt unambiguously identifies uncommitted changes against current HEAD, one commit, or a locally resolved PR, branch comparison, or revision range.open_codex_security_workspace with the resolved arguments. Do not search for or substitute a separate scan command.await_codex_security_scan_start with the sessionId from the workspace returned by open_codex_security_workspace. A returned workspace with setup.submitted=false is the expected wait state. Keep the tool call pending while waiting for the user to review setup and press Start scan; do not create or adopt a scan goal, run preflight, or pivot to terminal/chat fallback while waiting.status: "started", require its scanId, call get_codex_security_scan_context with that scanId, and pass its handoffClaimToken when present. Then run the preflight in ../../references/config-preflight.md for the selected target and security_diff_scan profile before goal setup, threat modeling, or other substantive scan work.status: "already_delivered", end the current turn without loading scan context or starting scan work. Another continuation already owns the scan.status: "timed_out", end the current turn and tell the user to finish setup and use Continue in Codex after pressing Start scan. Do not run preflight, create or adopt a scan goal, open another workspace, or pivot to terminal/chat fallback.ready result, explaining material warn or suggest limitations. If preflight is blocked or incomplete with actionable remediation, present the exact reasons and config delta, ask whether to apply the remediation, and stop for the user's answer before creating or adopting a scan goal or calling fail_codex_security_scan. Do not fail automatically for declined or unavailable remediation, helper errors, or a non-ready rerun. Preserve the running scan and retry or hand off while recovery may still be possible. If the user declines required remediation, ask whether to cancel or leave the scan running for a later retry. Call fail_codex_security_scan with the exact reason only after documented recovery is exhausted and the blocker is confirmed unrecoverable, or when the user explicitly cancels.Before opening setup, use the existing terminal/chat preflight and scan workflow for local changes against another requested base because the setup app cannot represent that working-tree diff target. Codex CLI, including interactive and headless runs, and hosts without the required app capabilities use the same prompt-only fallback. Do not call open_codex_security_workspace or await_codex_security_scan_start on this path. Once open_codex_security_workspace succeeds in an MCP Apps-capable host, remain on the app path: immediately call await_codex_security_scan_start; a status: "timed_out" result means end the turn and point the user to Continue in Codex, while status: "already_delivered" means stop because another continuation owns the scan. Do not start a terminal/chat fallback for either result.
Read ../../references/config-preflight.md and dispatch and await the preflight execution described there with the security_diff_scan capability profile before substantive scan work, including after an app wait or direct continuation has produced a scanId and loaded its authoritative scan context. Follow the returned block/warn/suggest results. For an app-generated scan, ask before applying actionable remediation and wait without creating a scan goal or calling fail_codex_security_scan. Do not fail automatically for declined or unavailable remediation, helper errors, or a non-ready rerun; preserve the running scan and retry or hand off while recovery may still be possible. Call fail_codex_security_scan only after documented recovery is exhausted and the blocker is confirmed unrecoverable, or when the user explicitly cancels. Do not treat a config value that differs from a suggested patch as a warning unless the capability requirement itself is unmet.
Keep these phases distinct and run them in linear order:
$threat-model$finding-discovery$validation$attack-path-analysisTreat this skill as the top-level orchestrator for the four skills plus the final report assembly step. Do not collapse the phases together.
For each phase:
Do not read ahead into later-phase skills until the current phase has completed. Do not amortize effort across phases: complete each phase to the full depth expected by that phase before moving on. Treat explicit invocation of this exhaustive diff-scan workflow as the user's authorization to use the subagents required by the workflow. If subagents are unavailable in the current environment, explain the limitation instead of claiming exhaustive diff coverage.
After the app wait or direct continuation has provided a scanId, the authoritative scan context has been loaded, and the security_diff_scan capability preflight has returned ready, or after the same preflight is ready in Codex CLI or terminal/chat hosts without the setup app, create a Codex goal for the scan if the runtime exposes goal tools and no active goal already covers this scan. The objective should state that the scan must not stop until the resolved diff-scoped files have been covered and the required coverage artifacts prove that closure.
Use objective wording shaped like:
Run the Codex Security diff scan for <resolved target>; do not stop until every diff-scoped file/worklist row has a completion receipt or explicit deferred closure, every candidate has required ledger receipts, and the final report is written.
If a compatible active goal already exists, continue under it instead of creating a duplicate. If goal tools are unavailable, state the same coverage objective in the first visible scan update and continue.
Do not mark the goal complete until:
deep_review_input.jsonl row has a completion receipt in work_ledger.jsonl, or an explicit deferred, not_applicable, or suppressed closure with exact reasonThe path references in this skill are the default locations for this phase.
If the user explicitly provides a different path for a required input or output, use the user-provided path instead of the corresponding default path referenced in this skill.
If a required input is still missing, stop and ask the user for it before continuing.
Use the shared scan artifact path conventions in ../../references/scan-artifacts.md.
Start this plan only after Setup Workspace Routing has either loaded the app-generated scan context with a scanId, or determined that the host is using the non-app terminal/chat workflow, and the security_diff_scan capability preflight has returned ready.
Follow this plan in order. Do not skip ahead to a later phase until the current phase has produced its intended output.
repo_name, security_scans_dir, scan_id, scan_dir, and artifacts_dir using ../../references/scan-artifacts.md.Goal Setup for that active scan context.$threat-model first.$finding-discovery as the second step, against the resolved diff and using the per-scan threat model as context.$validation as the third step, for each candidate that came out of discovery.findings/<candidate_id>/candidate_ledger.jsonl is part of the validation input. Every candidate finding that came out of discovery must have a discovery receipt before validation starts and a validation receipt before the scan can proceed to final reporting.$attack-path-analysis as the fourth step, for findings that still need reportability, attack-path, and severity analysis after validation.findings/<candidate_id>/candidate_ledger.jsonl is part of the attack-path input. Every candidate finding that reaches attack-path analysis must have an attack-path receipt before final reporting, even when the final decision is ignore, suppressed, or deferred.../../references/final-report.md; do not author reports. Complete the scan so finalization projects the validated JSON into the final markdown report. In the terminal/chat workflow without complete_codex_security_scan, run python <plugin_dir>/scripts/finalize_scan_contract.py --scan-dir <scan_dir> --source-root <repo_root> directly.../../references/finding-detail-fields.md from the same validated evidence used in the generated report.AGENTS.md.Treat this asymmetry as intentional:
Resolve the exact Git-backed diff before starting:
HEADUse ../security-scan/references/scan-artifacts-and-ledger.md for the shared scoped file-review, candidate-ledger, subagent, and dedupe rules.
Diff scans should:
rank_input.jsonl deterministically from changed source-like files with <python_command> <plugin_dir>/scripts/generate_rank_input.py make-diff-rank-input --repo <repo_root> --base <base> --mode revisions --head <head> --out <artifacts_dir>/rank_input.jsonl for PR, commit, and branch diffs, or <python_command> <plugin_dir>/scripts/generate_rank_input.py make-diff-rank-input --repo <repo_root> --base <base> --mode local-patch --out <artifacts_dir>/rank_input.jsonl for a local patchdeep_review_input.jsonl with <python_command> <plugin_dir>/scripts/generate_rank_input.py copy-deep-review-input --rank-input <artifacts_dir>/rank_input.jsonl --out <artifacts_dir>/deep_review_input.jsonldeep_review_input.jsonlFor PR, commit, branch, and local-patch scans, stay diff-focused but preserve repeated vulnerable instances that are created or affected by the same changed pattern.
Diff scans should:
This keeps diff scans precise while avoiding the common failure mode where one representative route or sink hides additional vulnerable siblings introduced by the same patch.
Populate all final report semantics in the canonical manifest, findings, and coverage JSON using ../../references/final-report.md. Then complete the scan; finalization owns markdown report generation. Emit Codex app review directives from the completed canonical findings. Commit scans use this same final-output contract because they are a diff-scan target type.
Read ../../references/shared-hard-rules.md before applying scan-mode-specific hard rules.
scanId, or in the non-app terminal/chat workflow, create or adopt the scan goal only after the capability preflight has returned ready, and before substantive scan work. Do not complete it until the resolved diff-scoped files/worklist rows, candidate ledgers, and final report meet the Goal Setup closure criteria.deep_review_input.jsonl row has a completion receipt in work_ledger.jsonl.