Trailmark Structural
Skill Verified ActiveRuns full Trailmark structural analysis on Trailmark 0.2.x by building a graph, running `preanalysis()`, and reporting hotspots, taint, blast radius, privilege boundaries, and attack surface. Use when vivisect needs detailed structural data for a target. Triggers: structural analysis, blast radius, taint analysis, complexity hotspots.
To provide detailed structural data from Trailmark analysis for security auditing and in-depth code understanding when vivisect requires it.
Features
- Runs full Trailmark structural analysis
- Reports hotspots, taint, blast radius, privilege boundaries, and attack surface
- Detects languages and builds analysis engine
- Outputs structured JSON containing analysis results
Use Cases
- When detailed structural data is needed for vivisection
- For generating complexity and taint data for audit prioritization
- To perform pre-analysis passes for a specific target scope
Non-Goals
- Providing only a quick overview (use `trailmark-summary` instead)
- Performing ad-hoc code graph queries (use the main `trailmark` skill)
- Analyzing single small files where structural analysis adds no value
Installation
First, add the marketplace
/plugin marketplace add trailofbits/skills/plugin install trailmark@trailofbitsQuality Score
VerifiedTrust Signals
Similar Extensions
Metal
100Extract the conceptual essence of a repository as skills, agents, and teams — the project's roles, procedures, and coordination patterns expressed as agentskills.io-standard definitions. Reads an arbitrary codebase and produces generalized definitions that capture WHAT the project does and WHO operates it, without replicating HOW it does it. Use when onboarding to a new codebase and wanting to understand its conceptual architecture, when bootstrapping an agentic system from an existing project, when studying a project's organizational DNA for cross-pollination, or when creating a skill/agent/team library inspired by a reference implementation.
Lean Ctx
100Context Runtime for AI Agents — 59 MCP tools, 10 read modes, 95+ shell patterns, tree-sitter AST for 18 languages. Compresses LLM context by up to 99%. Use when reading files, running shell commands, searching code, or exploring directories. Auto-installs if not present.
Pathfinder
100Map a codebase into feature-grouped flowcharts, identify duplicated concerns across features, and propose a unified architecture. Use when asked to "find the ideal path," unify duplicated systems, or audit architecture before a refactor. Emits a proposed unified flowchart plus per-system /make-plan prompts.
Codacy Audit
100Codacy Cloud workflow for this repository -- run Codacy's analyzers locally before `git push` (mirrors what Codacy CI runs), and fetch/cluster Codacy issues for any PR via the v3 API. Use when the user mentions Codacy, "codacy analysis", `codacy-analysis-cli`, "codacy issues on PR", "fix codacy CI", "codacy markdownlint findings", or any Codacy gate failing on a netdata-org PR. Ships scripts analyze-local.sh (docker/binary runner for codacy-analysis-cli) and pr-issues.sh (paginated v3 issue fetch + group-by tool/pattern/severity/file). Token-safe -- CODACY_TOKEN never reaches assistant-visible stdout. Read-only by design in the current SOW; write actions (mark FP, mark fixed) are deferred.
Domain Extract
100Extract domain knowledge from existing project sources and generate domain rules. Also handles vault sync and domain listing.
Auto Optimize
100Automate analysis, evaluation, design and optimization of target projects. Integrate VibeGuard as a baseline scan, the remediation process adheres to VibeGuard specifications, and a compliance check is run at the end. Support auto-run-agent autonomous execution.