regression
Installation
SKILL.md
Security Regression Detection
Verify that previously fixed vulnerabilities have not been reintroduced.
Reads the fix history from .appsec/fixed-history.json, checks
whether vulnerable patterns have returned or fixes have been removed, and
reports any regressions. Designed to run as a gate check before merges or
releases.
Supported Flags
Read ../../shared/schemas/flags.md for the full flag specification.
| Flag | Regression Behavior |
|---|---|
--scope |
Default branch. Checks regressions in all files changed on the current branch. Use changed for working tree only, full for all historical fixes. |
--depth quick |
Pattern match only: check if the exact vulnerable code snippet reappears. |
--depth standard |
Pattern match + semantic analysis: check if equivalent vulnerable patterns exist even if code changed. |
--depth deep |
Standard + trace data flows to verify fix integrity across refactored code. |
--depth expert |
Deep + attempt to bypass each fix with variant inputs and alternate code paths. |
Related skills