4 changes: 2 additions & 2 deletions skills/agentic-actions-auditor/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/agentic-actions-auditor/skills/agentic-actions-auditor"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
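Review bot: the `ref` changes from a56045e9... to cfe5d7b1... but the trailing comment still reads `# main as of 2026-04-17` on both the removed and the added line, so it no longer records when the new pin was taken; update the date (or drop the comment) so it stays a usable audit trail for the pin. The same ref change and `version: "0.1.0"` to `"0.2.0"` bump is applied identically to every skills/*/spec.yaml in this PR; please confirm in the PR description that the new SHA was verified to be reachable from `main` of trailofbits/skills, and that a uniform version bump is intended even for skills whose upstream content may not have changed between the two refs.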
4 changes: 2 additions & 2 deletions skills/codeql/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/static-analysis/skills/codeql"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/constant-time-analysis/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/constant-time-analysis/skills/constant-time-analysis"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/differential-review/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/differential-review/skills/differential-review"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/fp-check/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/fp-check/skills/fp-check"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/insecure-defaults/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/insecure-defaults/skills/insecure-defaults"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/property-based-testing/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/property-based-testing/skills/property-based-testing"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/sarif-parsing/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/static-analysis/skills/sarif-parsing"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/semgrep-rule-creator/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/semgrep-rule-creator/skills/semgrep-rule-creator"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/semgrep-rule-variant-creator/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/semgrep/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/static-analysis/skills/semgrep"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/sharp-edges/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/sharp-edges/skills/sharp-edges"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/supply-chain-risk-auditor/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/supply-chain-risk-auditor/skills/supply-chain-risk-auditor"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/variant-analysis/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/variant-analysis/skills/variant-analysis"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
4 changes: 2 additions & 2 deletions skills/yara-rule-authoring/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/yara-authoring/skills/yara-rule-authoring"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
11 changes: 9 additions & 2 deletions skills/zeroize-audit/spec.yaml
Expand Up @@ -9,9 +9,9 @@ metadata:

spec:
repository: "https://github.com/trailofbits/skills"
ref: "a56045e9ae00b3506cacefea0f672aab0a1a6e3c" # main as of 2026-04-17
ref: "cfe5d7b1619e47fb5b38b7e2561dad7e5f1e89af" # main as of 2026-04-17
path: "plugins/zeroize-audit/skills/zeroize-audit"
version: "0.1.0"
version: "0.2.0"

provenance:
repository_uri: "https://github.com/trailofbits/skills"
Expand All @@ -27,3 +27,10 @@ security:
reason: "Matches the phrase 'secret argument' in tools/scripts/check_llvm_patterns.py where it labels compiler-detected patterns; the skill audits zeroization of secrets so references to the word 'secret' are expected."
- rule_id: DATA_EXFIL_SENSITIVE_FILES
reason: "tools/scripts/check_rust_asm.py reads a JSON config of Rust symbol names to audit; 'secrets_path' is the skill's internal config file path, not exfiltration of user secrets."
# FP: BEHAVIOR_EVAL_SUBPROCESS flags two list-form subprocess.run() calls,
# neither uses shell=True and neither takes attacker-controlled input:
# generate_poc.py invokes a local sibling script via sys.executable with
# fixed flag names; check_rust_asm.py invokes the fixed command "rustfilt"
# with an explicit timeout, piping asm text via stdin (not argv/shell).
- rule_id: BEHAVIOR_EVAL_SUBPROCESS
reason: "FP: matched list-form subprocess.run() calls in tools/generate_poc.py (invokes sys.executable + a local script with fixed flag names) and tools/scripts/check_rust_asm.py (invokes the fixed command 'rustfilt' with a timeout, input piped via stdin). Neither uses shell=True or attacker-controlled arguments."
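Review bot: the justification for the BEHAVIOR_EVAL_SUBPROCESS suppression is stated twice, once in the `# FP: ...` comment block above the entry and again, nearly verbatim, in the `reason` string; keep the `reason` string (it is the field the tooling reads) and drop the comment so the two cannot drift apart on a later edit. Also, the suppression describes the subprocess.run() call sites in tools/generate_poc.py and tools/scripts/check_rust_asm.py (list-form argv, no shell=True, fixed flag names, `rustfilt` with a timeout and input on stdin) as they stand at the ref bumped in the hunk above; since the suppression is only valid while those properties hold, consider recording the audited ref in the `reason` (for example "verified at cfe5d7b1...") so the next ref bump prompts re-verification instead of carrying the allowlist entry forward silently.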