diagramming-code
- Repo stars 5,723
- Forks 499
- Author updated Jun 15, 2026, 04:05 PM
- Author repo skills
- Domain
- AI
- Compatible agents
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- Trust score
- 88 / 100 · community maintained
- Author / version / license
- @trailofbits · no license declared
- Token usage
- Lean
- Setup complexity
- Guided setup
- External API key
- Not required
- Operating systems
- macOS · Linux · Windows
- Runtime requirements
- Node.js · Python
- Permissions
-
- Read-only
- Shell exec
- Write / modify
- Network behavior
- Local-only
- Install commands
- 26 variants
Profile is derived at build time from SKILL.md and install vectors. Subject to drift from author intent.
Heads up: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: diagramming-code
description: > Generates Mermaid diagrams from Trailmark's code graph. A pre-made script handles Mermaid synt…
category: ai
runtime: Node.js / Python
---
# diagramming-code output preview
## PART A: Task fit
- Use case: > Generates Mermaid diagrams from Trailmark's code graph. A pre-made script handles Mermaid syntax generation; Claude selects the diagram type and uv pip install trailmark script uses Trailmark's parsed graph for accuracy. If installation fails, runs entirely locally; runs on Node.js. Works with Claude Code, Cursor, Cline and 23 more..
- Inputs: target material, constraints, expected output, and acceptance criteria.
- Evidence boundary: follow “When to Use / When NOT to Use / Prerequisites” and do not present inference as author intent.
## PART B: Execution result
- **01** The card summarizes the use case; runtime output centers on “> Generates Mermaid diagrams from Trailmark's code graph. A pre-made script handles Mermaid syntax generation; Claude selects the diagram type and uv pip install trailmark script uses Trailmark's parsed graph for accuracy. If installation fails, runs entirely locally; runs on Node.js. Works with Claude Code, Cursor, Cline and 23 more.”.
- **02** When the source has headings, the agent prioritizes “When to Use / When NOT to Use / Prerequisites” so the result follows the author’s structure.
- **03** Typical output includes task judgment, concrete steps, required commands or file edits, validation, and follow-up options.
- **04** Risk context follows the fingerprint: read files, run shell commands, write/modify files; mostly runs locally; usually needs no extra API key.
## Running Rules
- read files, run shell commands, write/modify files; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding scope.
- Return the result, validation criteria, and next iteration options. The source does not require a stable slash command. After installation, invoke the skill by name and describe the task.
Name target files or source material, expected output, forbidden changes, and whether network or shell access is allowed. Permission fingerprint: read files, run shell commands, write/modify files.
Start with a small task and check whether the result follows “When to Use / When NOT to Use / Prerequisites”. Inspect diffs, logs, previews, or tests before expanding scope.
Confirm the final output includes a concrete result, evidence, and next action. If it stays generic, tighten inputs, boundaries, and acceptance criteria.
---
name: diagramming-code
description: > Generates Mermaid diagrams from Trailmark's code graph. A pre-made script handles Mermaid synt…
category: ai
source: trailofbits/skills
---
# diagramming-code
## When to use
- > Generates Mermaid diagrams from Trailmark's code graph. A pre-made script handles Mermaid syntax generation; Claude…
- Use it when the task has clear inputs, repeatable steps, and validation criteria.
## What to provide
- Target material, scope, expected result, and forbidden changes.
- Whether network, commands, file writes, or external services are allowed.
## Execution rules
- Organize steps around “When to Use / When NOT to Use / Prerequisites” and keep inference separate from source facts.
- read files, run shell commands, write/modify files; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding the task.
## Output requirements
- Return the deliverable, key evidence, validation method, and next action.
- Mark missing information as unknown; do not invent commands, platforms, or dependencies. The author source anchors workflow facts; repository files anchor sources and commands; Fluxly only adds fit, limitations, and quality judgment.
skill "diagramming-code" {
input -> user goal + target files + boundaries + acceptance criteria
context -> When to Use / When NOT to Use / Prerequisites
rules -> SKILL.md triggers / order / output contract
runtime -> Node.js / Python | read files, run shell commands, write/modify files | mostly runs locally
guardrails -> usually needs no extra API key + small-sample validation + diff/log review
output -> copyable result + checklist + next iteration
} Diagramming Code
Generates Mermaid diagrams from Trailmark's code graph. A pre-made script handles Mermaid syntax generation; Claude selects the diagram type and parameters.
When to Use
- Visualizing call paths between functions
- Drawing class inheritance hierarchies
- Mapping module import dependencies
- Showing class structure with members
- Highlighting complexity hotspots with color coding
- Tracing data flow from entrypoints to sensitive functions
When NOT to Use
- Querying the graph without visualization (use the
trailmarkskill) - Mutation testing triage (use the
genotoxicskill) - Architecture diagrams not derived from code (draw by hand)
Prerequisites
trailmark must be installed. If uv run trailmark fails, run:
uv pip install trailmark
DO NOT fall back to hand-writing Mermaid from source code reading. The script uses Trailmark's parsed graph for accuracy. If installation fails, report the error to the user.
Quick Start
uv run {baseDir}/scripts/diagram.py \
--target {targetDir} --language auto --type call-graph \
--focus main --depth 2
Output is raw Mermaid text. Wrap in a fenced code block:
```mermaid
flowchart TB
...
```
Diagram Types
├─ "Who calls what?" → --type call-graph
├─ "Class inheritance?" → --type class-hierarchy
├─ "Module dependencies?" → --type module-deps
├─ "Class members and structure?" → --type containment
├─ "Where is complexity highest?" → --type complexity
└─ "Path from input to function?" → --type data-flow
For detailed examples of each type, see references/diagram-types.md.
Workflow
Diagram Progress:
- [ ] Step 1: Verify trailmark is installed
- [ ] Step 2: Identify diagram type from user request
- [ ] Step 3: Determine focus node and parameters
- [ ] Step 4: Run diagram.py script
- [ ] Step 5: Verify output is non-empty and well-formed
- [ ] Step 6: Embed diagram in response
Step 1: Run uv run trailmark analyze --language auto --summary {targetDir}. Install
if it fails. Then run pre-analysis via the programmatic API:
from trailmark.query.api import QueryEngine
engine = QueryEngine.from_directory("{targetDir}", language="auto")
engine.preanalysis()
Pre-analysis enriches the graph with blast radius, taint propagation,
and privilege boundary data used by data-flow diagrams.
If auto-detection is wrong for the target, rerun with an explicit language or
comma-separated list such as python,rust.
Step 2: Match the user's request to a --type using the decision tree
above.
Step 3: For call-graph and data-flow, identify the focus function.
Default --depth 2. Use --direction LR for dependency flows.
Step 4: Run the script and capture stdout.
Step 5: Check: output starts with flowchart or classDiagram,
contains at least one node. If empty or malformed, consult
references/mermaid-syntax.md.
Step 6: Wrap output in ```mermaid ``` code fence.
Script Reference
uv run {baseDir}/scripts/diagram.py [OPTIONS]
| Argument | Short | Default | Description |
|---|---|---|---|
--target |
-t |
required | Directory to analyze |
--language |
-l |
python |
Source language |
--type |
-T |
required | Diagram type (see above) |
--focus |
-f |
none | Center diagram on this node |
--depth |
-d |
2 |
BFS traversal depth |
--direction |
TB |
Layout: TB (top-bottom) or LR (left-right) |
|
--threshold |
10 |
Min complexity for complexity type |
Examples
# Call graph centered on a function
uv run {baseDir}/scripts/diagram.py -t src/ -T call-graph -f parse_file
# Class hierarchy for a Rust project
uv run {baseDir}/scripts/diagram.py -t src/ -l rust -T class-hierarchy
# Module dependency map, left-to-right
uv run {baseDir}/scripts/diagram.py -t src/ -T module-deps --direction LR
# Class members
uv run {baseDir}/scripts/diagram.py -t src/ -T containment
# Complexity heatmap (threshold 5)
uv run {baseDir}/scripts/diagram.py -t src/ -T complexity --threshold 5
# Data flow from entrypoints to a specific function
uv run {baseDir}/scripts/diagram.py -t src/ -T data-flow -f execute_query
Customization
Direction: Use TB (default) for hierarchical views, LR for
left-to-right flows like dependency chains.
Depth: Increase --depth to see more of the call graph. Decrease to
reduce clutter. The script warns if the diagram exceeds 100 nodes.
Focus: Always use --focus for call-graph on non-trivial codebases.
For data-flow, omitting focus auto-targets the top 10 complexity hotspots.
Language: Prefer --language auto for polyglot or unfamiliar repos.
Use an explicit language only when you know the target is single-language or
you need to exclude unrelated components.
Supporting Documentation
- references/diagram-types.md - Detailed docs and Mermaid examples for each diagram type
- references/mermaid-syntax.md - ID sanitization, escaping, style definitions, and common pitfalls
Decide Fit First
Design Intent
How To Use It
Boundaries And Review