audit-context-building

Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.

16 stars

Best use case

audit-context-building is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.

Teams using audit-context-building should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/audit-context-building/SKILL.md --create-dirs "https://raw.githubusercontent.com/plurigrid/asi/main/plugins/asi/skills/audit-context-building/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/audit-context-building/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How audit-context-building Compares

Feature / Agentaudit-context-buildingStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Audit Context Building Skill

**Trit**: -1 (MINUS)
**Category**: audit-context-building
**Author**: Trail of Bits
**Source**: trailofbits/skills
**License**: AGPL-3.0

## Description

Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.

## When to Use

This is a Trail of Bits security skill. Refer to the original repository for detailed usage guidelines and examples.

See: https://github.com/trailofbits/skills

## Related Skills

- audit-context-building
- codeql
- semgrep
- variant-analysis

Related Skills

zeroize-audit

16
from plurigrid/asi

Detects missing zeroization of sensitive data in source code and identifies zeroization removed by compiler optimizations, with assembly-level analysis, and control-flow verification. Use for auditing C/C++/Rust code handling secrets, keys, passwords, or other sensitive data.

supply-chain-risk-auditor

16
from plurigrid/asi

Identifies dependencies at heightened risk of exploitation or takeover. Use when assessing supply chain attack surface, evaluating dependency health, or scoping security engagements.

smack-policy-auditor

16
from plurigrid/asi

Analyzes SMACK policy files for correctness, label conflicts, and access control issues. Verifies mandatory access control rules.

performing-soc2-type2-audit-preparation

16
from plurigrid/asi

Automates SOC 2 Type II audit preparation including gap assessment against AICPA Trust Services Criteria (CC1-CC9), evidence collection from cloud providers and identity systems, control testing validation, remediation tracking, and continuous compliance monitoring. Covers all five TSC categories (Security, Availability, Processing Integrity, Confidentiality, Privacy) with automated evidence gathering from AWS, Azure, GCP, Okta, GitHub, and Jira. Use when preparing for or maintaining SOC 2 Type II certification.

performing-service-account-audit

16
from plurigrid/asi

Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. This skill covers discovery of service accounts in Active Directory, cloud pl

performing-security-headers-audit

16
from plurigrid/asi

Auditing HTTP security headers including CSP, HSTS, X-Frame-Options, and cookie attributes to identify missing or misconfigured browser-level protections.

performing-cryptographic-audit-of-application

16
from plurigrid/asi

A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and key management to identify vulnerabilities such as weak algorithms, insecure modes, hardco

building-vulnerability-scanning-workflow

16
from plurigrid/asi

Builds a structured vulnerability scanning workflow using tools like Nessus, Qualys, and OpenVAS to discover, prioritize, and track remediation of security vulnerabilities across infrastructure. Use when SOC teams need to establish recurring vulnerability assessment processes, integrate scan results with SIEM alerting, and build remediation tracking dashboards.

building-vulnerability-exception-tracking-system

16
from plurigrid/asi

Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls documentation, and expiration management.

building-vulnerability-dashboard-with-defectdojo

16
from plurigrid/asi

Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication, metrics tracking, and Jira ticketing workflows.

building-vulnerability-aging-and-sla-tracking

16
from plurigrid/asi

Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against severity-based timelines and drive accountability.

building-threat-intelligence-platform

16
from plurigrid/asi

Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified system for collecting, analyzing, enriching, and disseminating threat intelligence. T