- Home
- Skills
- Trailofbits
- Skills
- Audit Context Building
audit-context-building_skill
- Python
3k
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill trailofbits/skills --skill audit-context-building- SKILL.md9.6 KB
Overview
This skill enables ultra-granular, line-by-line code analysis to build a persistent, evidence-backed architectural model before any vulnerability hunting. It forces a bottom-up, micro-first approach that links block-level insights into function, module, and system-level context. The goal is deep understanding and anti-hallucination, not bug identification or fixes.
How this skill works
When active, the agent performs block-by-block and line-by-line analysis of code, applying First Principles plus 5 Whys/5 Hows at micro scale. It builds and continuously refines a global mental model, propagating invariants, assumptions, and dataflows across internal and external call chains. External calls without source are treated adversarially; external calls with source are analyzed seamlessly. The skill outputs structured summaries that anchor context and record corrections when earlier assumptions are contradicted.
When to use it
- Before any vulnerability discovery, to establish accurate context
- When you need bottom-up comprehension instead of high-level guesses
- During architecture reviews, threat modeling, or security audits
- When minimizing hallucination, contradictions, and context loss is critical
- For complex multi-module systems where call chains and invariants must be tracked
Best practices
- Run an initial orientation scan: map modules, entrypoints, actors, and key storage before deep dives
- Apply the per-function microstructure checklist for every non-trivial function
- Jump into callees immediately for internal and available external code; treat unknown externals as hostile
- Record invariants and assumptions explicitly; update them when contradicted and state the correction
- Anchor periodic summaries to maintain a stable global model and cross-reference new findings
Example use cases
- Reconstruct state and invariants across a multi-contract DeFi workflow before auditing for vulnerabilities
- Perform line-by-line analysis of helper functions that propagate critical assumptions to higher-level logic
- Trace a long internal call chain to validate assumptions about permissions and state transitions
- Map trust boundaries and untrusted input paths across modules prior to threat modeling
- Prepare high-quality context that a vulnerability-hunting agent can consume without re-inspecting the code
FAQ
No. It is explicitly for pure context building. It does not identify vulnerabilities, propose fixes, or produce exploits.
How are external calls handled when code is unavailable?
Treat them adversarially: document payloads, assumptions, and all possible outcomes (revert, strange returns, state changes, reentrancy) and propagate those possibilities into the global model.
What output structure should I expect from a function analysis?
Each function summary includes Purpose; Inputs & Assumptions; Outputs & Effects; Block-by-Block line analysis; Cross-function dependencies; and recorded invariants, assumptions, and risk notes.