Skip to content
wyattowalsh/agents | AI Agent Configs
Docs
codeql

codeql

Curated third-party skill source. Run external-skill-auditor before repo promotion.

codeql18 wordsInspect firstinspect-then-install
Curated third-party skill source. Run external-skill-auditor before repo promotion.

Quick Start

Install:

npx skills add trailofbits/skills --skill codeql --skill semgrep --skill property-based-testing -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode

Use: /codeql

Works with Claude Code, Gemini CLI, OpenCode, and other agentskills.io-compatible agents.

What It Does

Section titled “What It Does”

Deep security vulnerability scanning using CodeQL’s interprocedural data flow and taint tracking. Supports Python, JS/TS, Go, Java/Kotlin, C/C++, C#, etc. Builds databases, creates custom data extension models for project APIs, selects/runs query packs (security-extended + Trail of Bits + community), outputs SARIF. Workflows for quality assessment, build fixes, and result processing. From Trail of Bits static-analysis plugin (Testing Handbook based).

Harness Coverage

Section titled “Harness Coverage”

Targets verified harnesses: antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode.

Portable multi-harness install command:

Terminal window
npx skills add trailofbits/skills --skill codeql --skill semgrep --skill property-based-testing -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode

Trust / Audit

Section titled “Trust / Audit”

Trust tier: Inspect first (needs-inspection)

Curated status: inspect-then-install

Risk notes: Curated third-party skill source. Run external-skill-auditor before repo promotion.

Entry maintained via authoring + research for compose-external-wave-2; provenance and audit notes are authoritative there (research context is advisory).

Install Prerequisites

Section titled “Install Prerequisites”

Install: npx skills add trailofbits/skills --skill codeql --skill semgrep --skill property-based-testing -y -g -a ... (grouped); pre-install CodeQL CLI. status=inspect-then-install; selector=named. Use after auditor for build/CLI surface.

FieldValue
Source Typecurated-external
Display Sourcetrailofbits/skills
Source Kindgithub
Installabilityportable command
Review Statecurated
Trust Tierneeds-inspection
Target Agentsantigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode
Curated catalog entry
docs/src/authoring/skills/codeql.mdx (full SSOT excerpt)
---
name: "codeql"
description: "Curated third-party skill source. Run external-skill-auditor before repo promotion."
title: "Codeql"
source_kind: "curated-external"
source: "trailofbits/skills"
install_source: "trailofbits/skills"
status: "inspect-then-install"
trust_tier: "needs-inspection"
provenance_status: "verified-install-command"
install_command: "npx skills add trailofbits/skills --skill codeql --skill semgrep --skill property-based-testing -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode"
target_agents: [antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode]
source_url: "https://github.com/trailofbits/skills"
notes: "Curated third-party skill source. Run external-skill-auditor before repo promotion."
risk_notes: "Curated third-party skill source. Run external-skill-auditor before repo promotion."
promotion_policy: "Inspect source, hooks, scripts, credentials, and dedupe before install."
provenance_evidence: "Curated `npx skills add` command with named `--skill` selectors under `inspect-then-install` in config/external-skills.md."
---


{/* GENERATED-AUTHORING: source=config/external-skills.md; entry=codeql; re-run migration to refresh */}


Curated third-party skill source. Run external-skill-auditor before repo promotion.

Install / provenance (from authoring frontmatter + research):

FieldValue
install_commandnpx skills add trailofbits/skills --skill codeql --skill semgrep --skill property-based-testing -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode
sourcetrailofbits/skills
source_urlhttps://github.com/trailofbits/skills
trust_tierneeds-inspection
curated_statusinspect-then-install
target_agentsantigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode

Resources

Section titled “Resources”
Skill Catalog Browse custom and external skills.
CLI Reference Install and manage skills.
Built & designed by shadcn. Ported to Astro Starlight by Adrián UB. The source code is available on GitHub.
Home Start Here Skills Agents MCP CLI

Skills

Catalog Install Custom

Agents

Agents code-reviewer docs-writer orchestrator performance-profiler planner release-manager researcher security-auditor

MCP

MCP Servers mcphub

Hooks

Hooks codex-destructive-shell-guard codex-permission-request-guard codex-post-tool-verify-context codex-protected-file-guard codex-session-start-context codex-stop-truth-gate destructive-shell-guard post-edit-format post-edit-lint prompt-log protected-file-guard research-dangerous-shell-guard research-evidence-ledger research-prompt-triage-context research-readonly-write-guard research-stop-verifier session-start

Harness Config

Harness Config mcp-registry sync-manifest tooling-policy