differential-review

Summary

Security-focused differential analysis of code changes with adaptive depth, blast radius calculation, and markdown reporting.

  • Analyzes PRs, commits, and diffs across three codebase sizes (SMALL/MEDIUM/LARGE) with risk-first prioritization on auth, crypto, value transfer, and external calls
  • Includes six-phase workflow: triage, code analysis, test coverage assessment, blast radius calculation, adversarial modeling, and comprehensive markdown report generation
  • Detects security regressions through git history analysis, identifies removed security code via blame, and flags high-risk patterns like validation removal or access control changes
  • Integrates with audit-context-building for baseline context and issue-writer for formal audit report transformation
  • Provides explicit coverage limits and confidence levels; escalates on red flags like high blast radius changes or removed security commits
SKILL.md

Differential Security Review

Security-focused code review for PRs, commits, and diffs.

Core Principles

  1. Risk-First: Focus on auth, crypto, value transfer, external calls
  2. Evidence-Based: Every finding backed by git history, line numbers, attack scenarios
  3. Adaptive: Scale to codebase size (SMALL/MEDIUM/LARGE)
  4. Honest: Explicitly state coverage limits and confidence level
  5. Output-Driven: Always generate a comprehensive markdown report file

Rationalizations (Do Not Skip)

Rationalization            | Why It's Wrong           | Required Action
"Small PR, quick review"   | Heartbleed was 2 lines   | Classify by RISK, not size
Installs: 3.0K
GitHub Stars: 5.1K
First Seen: Jan 19, 2026