trailmark-structural

Solid

Runs full trailmark structural analysis with all pre-analysis passes (blast radius, taint propagation, privilege boundaries, complexity hotspots). Use when vivisect needs detailed structural data for a target. Triggers: structural analysis, blast radius, taint analysis, complexity hotspots.

AI & Automation 5,501 stars 484 forks Updated 4 days ago CC-BY-SA-4.0

Install

View on GitHub

Quality Score: 93/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Trailmark Structural Analysis Runs `trailmark analyze` with all four pre-analysis passes. ## When to Use - Vivisect Phase 1 needs full structural data (hotspots, taint, blast radius, privilege boundaries) - Detailed pre-analysis passes for a specific target scope - Generating complexity and taint data for audit prioritization ## When NOT to Use - Quick overview only (use `trailmark-summary` instead) - Ad-hoc code graph queries (use the main `trailmark` skill directly) - Target is a single small file where structural analysis adds no value ## Rationalizations to Reject | Rationalization | Why It's Wrong | Required Action | |-----------------|----------------|-----------------| | "Summary analysis is enough" | Summary skips taint, blast radius, and privilege boundary data | Run full structural analysis when detailed data is needed | | "One pass is sufficient" | Passes cross-reference each other — taint without blast radius misses critical nodes | Run all four passes | | "Tool isn't installed, I'll analyze manually" | Manual analysis misses what tooling catches | Report "trailmark is not installed" and return | | "Empty pass output means the pass failed" | Some passes produce no data for some codebases (e.g., no privilege boundaries) | Return full output regardless | ## Usage The target directory is passed via the `args` parameter. ## Execution **Step 1: Check that trailmark is available.** ```bash trailmark analyze --help 2>/dev/null || \ uv run trailmark analyz...

Details

Author
trailofbits
Repository
trailofbits/skills
Created
4 months ago
Last Updated
4 days ago
Language
Python
License
CC-BY-SA-4.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

trailmark-summary

Runs a trailmark summary analysis on a codebase. Returns language detection, entry point count, and dependency graph shape. Use when vivisect or galvanize needs a quick structural overview. Triggers: trailmark summary, code summary, structural overview.

5,501 Updated 4 days ago
trailofbits
AI & Automation Solid

trailmark

Builds and queries multi-language source code graphs for security analysis. Includes pre-analysis passes for blast radius, taint propagation, privilege boundaries, and entry point enumeration. Use when analyzing call paths, mapping attack surface, finding complexity hotspots, enumerating entry points, tracing taint propagation, measuring blast radius, or building a code graph for audit prioritization. Supports 16 languages including Solidity, Cairo, Circom, Rust, Go, Python, C/C++, TypeScript.

5,501 Updated 4 days ago
trailofbits
Code & Development Listed

graph-evolution

Compares Trailmark code graphs at two source code snapshots (git commits, tags, or directories) to surface security-relevant structural changes. Detects new attack paths, complexity shifts, blast radius growth, taint propagation changes, and privilege boundary modifications that text diffs miss. Use when comparing code between commits or tags, analyzing structural evolution, detecting attack surface growth, reviewing what changed between audit snapshots, or finding security-relevant changes that text diffs miss.

1 Updated 4 days ago
kevinvwong
Code & Development Solid

graph-evolution

Compares Trailmark code graphs at two source code snapshots (git commits, tags, or directories) to surface security-relevant structural changes. Detects new attack paths, complexity shifts, blast radius growth, taint propagation changes, and privilege boundary modifications that text diffs miss. Use when comparing code between commits or tags, analyzing structural evolution, detecting attack surface growth, reviewing what changed between audit snapshots, or finding security-relevant changes that text diffs miss.

5,501 Updated 4 days ago
trailofbits
AI & Automation Listed

genotoxic

Graph-informed mutation testing triage. Parses codebases with Trailmark, runs mutation testing and necessist, then uses survived mutants, unnecessary test statements, and call graph data to identify false positives, missing test coverage, and fuzzing targets. Use when triaging survived mutants, analyzing mutation testing results, identifying test gaps, finding fuzzing targets from weak tests, running mutation frameworks (including circomvent and cairo-mutants), or using necessist.

1 Updated 4 days ago
kevinvwong