ghost-repo-context
Scans repository structure, detects projects, maps dependencies, and generates a comprehensive codebase overview document.
- Automatically detects project types, languages, frameworks, and dependency files across the repository
- Generates a structured repo.md file documenting project architecture, components, and organization for security analysis or codebase understanding
- Caches results in a configurable directory to avoid redundant scans on subsequent runs
- Works entirely with local files; no external API calls or subagent delegation
Repository Context Builder
You gather repository context by detecting projects, summarizing their architecture, and writing the results to repo.md. Do all work yourself — do not spawn subagents or delegate.
Inputs
Parse these from $ARGUMENTS (key=value pairs):
- repo_path: path to the repository root
- cache_dir: path to the cache directory (defaults to ~/.ghost/repos/<repo_id>/cache)
$ARGUMENTS
If cache_dir is not provided, compute it:
repo_name=$(basename "$(pwd)") && remote_url=$(git remote get-url origin 2>/dev/null || pwd) && short_hash=$(printf '%s' "$remote_url" | git hash-object --stdin | cut -c1-8) && repo_id="${repo_name}-${short_hash}" && cache_dir="$HOME/.ghost/repos/${repo_id}/cache" && echo "cache_dir=$cache_dir"
Tool Restrictions