跳转到主要内容
此内容尚未提供您的语言版本,正在以英文显示。

Sharp Edges

技能 已验证 活跃
属于:Sharp Edges

Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration schemas, cryptographic library ergonomics, or evaluating whether code follows 'secure by default' and 'pit of success' principles. Triggers: footgun, misuse-resistant, secure defaults, API usability, dangerous configuration.

目的

To proactively identify and mitigate security vulnerabilities introduced by poor API design, dangerous configurations, and insecure defaults, ensuring that secure usage is the path of least resistance.

功能

  • Identifies algorithm selection footguns
  • Detects dangerous defaults and configuration cliffs
  • Analyzes primitive vs. semantic APIs for misuse potential
  • Highlights silent failure modes in security operations
  • Provides language-specific sharp edge patterns

使用场景

  • Reviewing new API or library designs for security flaws
  • Auditing configuration schemas for dangerous options
  • Assessing cryptographic API ergonomics for misuse resistance
  • Evaluating interfaces for adherence to 'secure by default' principles

非目标

  • Finding implementation bugs or standard code review issues
  • Performance optimization analysis
  • Business logic flaw detection

工作流

  1. Identify security-relevant surfaces (APIs, configs)
  2. Probe edge cases (zero/empty/null inputs, defaults)
  3. Model threats from different user types (malicious, lazy, confused)
  4. Reproduce and validate identified sharp edges

安装

请先添加 Marketplace

/plugin marketplace add trailofbits/skills
/plugin install sharp-edges@trailofbits

质量评分

已验证
95 /100
1 day ago 分析

信任信号

最近提交3 days ago
GitHub 所有者 trailofbits (opens in new tab)
星标5.2k
许可证CC-BY-SA-4.0
状态
查看源代码

类似扩展

Soul Guardian

100

Drift detection + baseline integrity guard for agent workspace files with automatic alerting support

技能
prompt-security

Audit Dependency Versions

100

Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.

技能
pjt222

Codex Diff Develop

100

Revisa el diff de la rama actual frente a develop en proyectos Drupal 11 siguiendo la metodología Codex (lógica de negocio, edge cases de hooks/queries, seguridad, performance, completitud). Genera un informe .md en la carpeta del IDE detectado (.antigravity/, .cursor/, .vscode/ o docs/) con hallazgos por severidad y soluciones accionables. Usar cuando el usuario pida "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" o expresiones similares con intención de auditar cambios contra develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.

技能
j4rk0r

Sdk Dx

100

Design SDKs that developers love to use—APIs that feel native, error messages that guide, and experiences that reduce friction. This skill covers creating SDKs that drive adoption through exceptional developer experience rather than aggressive marketing. Trigger phrases: "SDK design", "developer experience", "API design", "SDK DX", "error messages", "type safety", "IDE integration", "SDK versioning", "migration guides", "client library design", "making SDKs feel native", "SDK best practices"

技能
jonathimer

Investigate Capa Root Cause

100

Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.

技能
pjt222

Toprank Weekly Review

100

Run a weekly SEO review for one registered website, write audit artifacts, and choose the next best safe action.

技能
nowork-studio