
differential-review

Curated third-party skill source. Run external-skill-auditor before repo promotion.


Quick Start

Install:

npx skills add trailofbits/skills --skill differential-review --skill agentic-actions-auditor --skill variant-analysis --skill insecure-defaults --skill supply-chain-risk-auditor --skill modern-python -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode

Use: /differential-review

Works with Claude Code, Gemini CLI, OpenCode, and other agentskills.io-compatible agents.

Security-focused differential review of code changes (PRs, commits, diffs) using git history/blame for regressions, blast radius (callers), test coverage gaps, risk-first prioritization (auth/crypto/external/value), adaptive depth (SMALL/MEDIUM/LARGE), and adversarial modeling. Produces structured markdown report. Modular progressive disclosure (core SKILL.md + methodology/adversarial/reporting/patterns.md). Trail of Bits.

Targets verified harnesses: antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode.

Portable multi-harness install command:

npx skills add trailofbits/skills --skill differential-review --skill agentic-actions-auditor --skill variant-analysis --skill insecure-defaults --skill supply-chain-risk-auditor --skill modern-python -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode

Trust tier: Inspect first (needs-inspection)

Curated status: inspect-then-install

Risk notes: Curated third-party skill source. Run external-skill-auditor before repo promotion.

Entry maintained via authoring + research for compose-external-wave-4; provenance and audit notes are authoritative there (research context is advisory).

npx skills add trailofbits/skills --skill differential-review ... status=inspect-then-install; selector=named. Part of broader code-auditing plugin set.

| Field | Value |
| --- | --- |
| Source Type | curated-external |
| Display Source | trailofbits/skills |
| Source Kind | github |
| Installability | portable command |
| Review State | curated |
| Trust Tier | needs-inspection |
| Target Agents | antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode |

Curated catalog entry
docs/src/authoring/skills/differential-review.mdx (full SSOT excerpt)
---
name: "differential-review"
description: "Curated third-party skill source. Run external-skill-auditor before repo promotion."
title: "Differential Review"
source_kind: "curated-external"
source: "trailofbits/skills"
install_source: "trailofbits/skills"
status: "inspect-then-install"
trust_tier: "needs-inspection"
provenance_status: "verified-install-command"
install_command: "npx skills add trailofbits/skills --skill differential-review --skill agentic-actions-auditor --skill variant-analysis --skill insecure-defaults --skill supply-chain-risk-auditor --skill modern-python -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode"
target_agents: [antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode]
source_url: "https://github.com/trailofbits/skills"
notes: "Curated third-party skill source. Run external-skill-auditor before repo promotion."
risk_notes: "Curated third-party skill source. Run external-skill-auditor before repo promotion."
promotion_policy: "Inspect source, hooks, scripts, credentials, and dedupe before install."
provenance_evidence: "Curated `npx skills add` command with named `--skill` selectors under `inspect-then-install` in config/external-skills.md."
---
{/* GENERATED-AUTHORING: source=config/external-skills.md; entry=differential-review; re-run migration to refresh */}
Curated third-party skill source. Run external-skill-auditor before repo promotion.

Install / provenance (from authoring frontmatter + research):

| Field | Value |
| --- | --- |
| install_command | npx skills add trailofbits/skills --skill differential-review --skill agentic-actions-auditor --skill variant-analysis --skill insecure-defaults --skill supply-chain-risk-auditor --skill modern-python -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode |
| source | trailofbits/skills |
| source_url | https://github.com/trailofbits/skills |
| trust_tier | needs-inspection |
| curated_status | inspect-then-install |
| target_agents | antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode |