Alanamultiskillagent
Back to skills

sharp-edges

security

Evaluates whether APIs, configurations, and interfaces are resistant to developer misuse. Focuses on cases where the easy path leads to insecurity, such as algorithm selection footguns, dangerous defa

trailofbitstrailofbits
|View all trailofbits skills →

Setup & Installation

npx skills add https://github.com/trailofbits/sharp-edges --skill sharp-edges
or paste the link and ask your coding assistant to install it
https://github.com/trailofbits/sharp-edges
View on GitHub

What This Skill Does

Evaluates whether APIs, configurations, and interfaces are resistant to developer misuse. Focuses on cases where the easy path leads to insecurity, such as algorithm selection footguns, dangerous defaults, silent failures, and stringly-typed security values. Applies the "pit of success" principle: secure usage should be the default, not an opt-in. Manual code review rarely probes edge cases like timeout=0 or empty-key bypass paths systematically, and this skill works through a structured adversary model covering malicious, lazy, and confused developers.

When to use it

  • Working with sharp edges functionality
  • Implementing sharp edges features
  • Debugging sharp edges related issues

Similar Skills

audit-context-building

A structured analysis skill for the pre-audit phase of code review. It guides Claude through line-by-line function analysis, cross-boundary call tracing, and invariant mapping before any vulnerability

auth0-android

Adds authentication to native Android apps using the Auth0 SDK. Supports Web Auth login/logout, biometric-protected credentials, secure token storage, passwordless login, and MFA. Works with both Kotl

auth0-angular

Adds authentication to Angular apps using the @auth0/auth0-angular SDK. Handles login/logout flows, route guards, HTTP interceptors for attaching tokens, and user profile access through observables. W

auth0-aspnetcore-api

Adds JWT access token validation to ASP.NET Core Web APIs using Auth0. It handles bearer token authentication, scope and permission checks, and supports DPoP proof-of-possession token binding. Works w