trailmark
- Repo stars 5,723
- Forks 499
- Author updated Jun 15, 2026, 04:05 PM
- Author repo skills
- Domain
- AI
- Compatible agents
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- Trust score
- 88 / 100 · community maintained
- Author / version / license
- @trailofbits · no license declared
- Token usage
- Lean
- Setup complexity
- Guided setup
- External API key
- Not required
- Operating systems
- macOS · Linux · Windows
- Runtime requirements
- Node.js · Python
- Permissions
-
- Read-only
- Write / modify
- Network behavior
- Local-only
- Install commands
- 26 variants
Profile is derived at build time from SKILL.md and install vectors. Subject to drift from author intent.
Heads up: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: trailmark
description: Builds and queries multi-language source code graphs for security analysis. Includes pre-analysi…
category: ai
runtime: Node.js / Python
---
# trailmark output preview
## PART A: Task fit
- Use case: Builds and queries multi-language source code graphs for security analysis. Includes pre-analysis passes for blast radius, taint propagation, privilege boundaries, and entry point enumeration. Use when analyzing call paths, mapping attack surface, finding complexity hotspots, enumerating entry points, tracing taint propagation, measuring blast radius, or building a code graph for audit prioritization. Prefer `trailmark.parse.detect_languages()` or `--language auto` when the target language is unknown or polyglot..
- Inputs: target material, constraints, expected output, and acceptance criteria.
- Evidence boundary: follow “When to Use / When NOT to Use / Rationalizations to Reject” and do not present inference as author intent.
## PART B: Execution result
- **01** The card summarizes the use case; runtime output centers on “Builds and queries multi-language source code graphs for security analysis. Includes pre-analysis passes for blast radius, taint propagation, privilege boundaries, and entry point enumeration. Use when analyzing call paths, mapping attack surface, finding complexity hotspots, enumerating entry points, tracing taint propagation, measuring blast radius, or building a code graph for audit prioritization. Prefer `trailmark.parse.detect_languages()` or `--language auto` when the target language is unknown or polyglot.”.
- **02** When the source has headings, the agent prioritizes “When to Use / When NOT to Use / Rationalizations to Reject” so the result follows the author’s structure.
- **03** Typical output includes task judgment, concrete steps, required commands or file edits, validation, and follow-up options.
- **04** Risk context follows the fingerprint: read files, write/modify files; mostly runs locally; usually needs no extra API key.
## Running Rules
- read files, write/modify files; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding scope.
- Return the result, validation criteria, and next iteration options. The source does not require a stable slash command. After installation, invoke the skill by name and describe the task.
Name target files or source material, expected output, forbidden changes, and whether network or shell access is allowed. Permission fingerprint: read files, write/modify files.
Start with a small task and check whether the result follows “When to Use / When NOT to Use / Rationalizations to Reject”. Inspect diffs, logs, previews, or tests before expanding scope.
Confirm the final output includes a concrete result, evidence, and next action. If it stays generic, tighten inputs, boundaries, and acceptance criteria.
---
name: trailmark
description: Builds and queries multi-language source code graphs for security analysis. Includes pre-analysi…
category: ai
source: trailofbits/skills
---
# trailmark
## When to use
- Builds and queries multi-language source code graphs for security analysis. Includes pre-analysis passes for blast rad…
- Use it when the task has clear inputs, repeatable steps, and validation criteria.
## What to provide
- Target material, scope, expected result, and forbidden changes.
- Whether network, commands, file writes, or external services are allowed.
## Execution rules
- Organize steps around “When to Use / When NOT to Use / Rationalizations to Reject” and keep inference separate from source facts.
- read files, write/modify files; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding the task.
## Output requirements
- Return the deliverable, key evidence, validation method, and next action.
- Mark missing information as unknown; do not invent commands, platforms, or dependencies. The author source anchors workflow facts; repository files anchor sources and commands; Fluxly only adds fit, limitations, and quality judgment.
skill "trailmark" {
input -> user goal + target files + boundaries + acceptance criteria
context -> When to Use / When NOT to Use / Rationalizations to Reject
rules -> SKILL.md triggers / order / output contract
runtime -> Node.js / Python | read files, write/modify files | mostly runs locally
guardrails -> usually needs no extra API key + small-sample validation + diff/log review
output -> copyable result + checklist + next iteration
} Trailmark
Parses source code into a directed graph of functions, classes, calls, and semantic metadata for security analysis.
When to Use
- Mapping call paths from user input to sensitive functions
- Finding complexity hotspots for audit prioritization
- Identifying attack surface and entrypoints
- Understanding call relationships in unfamiliar codebases
- Security review or audit preparation across polyglot projects
- Adding LLM-inferred annotations (assumptions, preconditions) to code units
- Pre-analysis before mutation testing (genotoxic skill) or diagramming
When NOT to Use
- Single-file scripts where call graph adds no value (read the file directly)
- Architecture diagrams not derived from code (use the
diagramming-codeskill or draw by hand) - Mutation testing triage (use the genotoxic skill, which calls trailmark internally)
- Runtime behavior analysis (trailmark is static, not dynamic)
Rationalizations to Reject
| Rationalization | Why It's Wrong | Required Action |
|---|---|---|
| "I'll just read the source files manually" | Manual reading misses call paths, blast radius, and taint data | Install trailmark and use the API |
| "Pre-analysis isn't needed for a quick query" | Blast radius, taint, and privilege data are only available after preanalysis() |
Always run engine.preanalysis() before handing off to other skills |
| "The graph is too large, I'll sample" | Sampling misses cross-module attack paths | Build the full graph; use subgraph queries to focus |
| "Uncertain edges don't matter" | Dynamic dispatch is where type confusion bugs hide | Account for uncertain edges in security claims |
| "Single-language analysis is enough" | Polyglot repos have FFI boundaries where bugs cluster | Use the correct --language flag per component |
| "Complexity hotspots are the only thing worth checking" | Low-complexity functions on tainted paths are high-value targets | Combine complexity with taint and blast radius data |
Installation
MANDATORY: If uv run trailmark fails (command not found, import error,
ModuleNotFoundError), install trailmark before doing anything else:
uv pip install trailmark
DO NOT fall back to "manual verification", "manual analysis", or reading source files by hand as a substitute for running trailmark. The tool must be installed and used programmatically. If installation fails, report the error to the user instead of silently switching to manual code reading.
Quick Start
# Auto-detect and merge every supported language under the tree
uv run trailmark analyze --language auto --summary {targetDir}
# Explicit languages (single language or comma-separated list)
uv run trailmark analyze --language rust {targetDir}
uv run trailmark analyze --language python,rust {targetDir}
# Complexity hotspots
uv run trailmark analyze --language auto --complexity 10 {targetDir}
Programmatic API
from trailmark.parse import detect_languages, supported_languages
from trailmark.query.api import QueryEngine
# Ask the installed Trailmark build what it supports
supported_languages()
detect_languages("{targetDir}")
# Prefer auto for unknown or polyglot trees; use explicit lists when needed
engine = QueryEngine.from_directory("{targetDir}", language="auto")
engine = QueryEngine.from_directory("{targetDir}", language="python,rust")
engine.callers_of("function_name")
engine.callees_of("function_name")
engine.paths_between("entry_func", "db_query")
engine.complexity_hotspots(threshold=10)
engine.attack_surface()
engine.summary()
engine.to_json()
# Run pre-analysis (blast radius, entrypoints, privilege
# boundaries, taint propagation)
result = engine.preanalysis()
# Query subgraphs created by pre-analysis
engine.subgraph_names()
engine.subgraph("tainted")
engine.subgraph("high_blast_radius")
engine.subgraph("privilege_boundary")
engine.subgraph("entrypoint_reachable")
# Add LLM-inferred annotations
from trailmark.models import AnnotationKind
engine.annotate("function_name", AnnotationKind.ASSUMPTION,
"input is URL-encoded", source="llm")
# Query annotations (including pre-analysis results)
engine.annotations_of("function_name")
engine.annotations_of("function_name",
kind=AnnotationKind.BLAST_RADIUS)
engine.annotations_of("function_name",
kind=AnnotationKind.TAINT_PROPAGATION)
Pre-Analysis Passes
Always run engine.preanalysis() before handing off to genotoxic or
diagramming-code skills. Pre-analysis enriches the graph with four passes:
- Blast radius estimation — counts downstream and upstream nodes per function, identifies critical high-complexity descendants
- Entry point enumeration — maps entrypoints by trust level, computes reachable node sets
- Privilege boundary detection — finds call edges where trust levels change (untrusted -> trusted)
- Taint propagation — marks all nodes reachable from untrusted entrypoints
Results are stored as annotations and named subgraphs on the graph.
For detailed documentation, see references/preanalysis-passes.md.
Language Selection
Do not hardcode a stale language table in downstream workflows. Ask the installed Trailmark build what it supports:
from trailmark.parse import detect_languages, supported_languages
supported_languages()
detect_languages("{targetDir}")
CLI patterns:
# Auto-detect and merge
uv run trailmark analyze --language auto {targetDir}
# Explicit list for a known polyglot target
uv run trailmark analyze --language python,rust {targetDir}
Graph Model
Node kinds: function, method, class, module, struct,
interface, trait, enum, namespace, contract, library,
template
Edge kinds: calls, inherits, implements, contains, imports
Edge confidence: certain (direct call, self.method()), inferred
(attribute access on non-self object), uncertain (dynamic dispatch)
Per Code Unit
- Parameters with types, return types, exception types
- Cyclomatic complexity and branch metadata
- Docstrings
- Annotations:
assumption,precondition,postcondition,invariant,blast_radius,privilege_boundary,taint_propagation,finding,audit_note(last two set byaugment_sarif/augment_weaudit)
Per Edge
- Source/target node IDs, edge kind, confidence level
Project Level
- Dependencies (imported packages)
- Entrypoints with trust levels and asset values
- Named subgraphs (populated by pre-analysis)
Key Concepts
Declared contract vs. effective input domain: Trailmark separates what a function declares it accepts from what can actually reach it via call paths. Mismatches are where vulnerabilities hide:
- Widening: Unconstrained data reaches a function that assumes validation
- Safe by coincidence: No validation, but only safe callers exist today
Edge confidence: Dynamic dispatch produces uncertain edges. Account for
confidence when making security claims.
Subgraphs: Named collections of node IDs produced by pre-analysis.
Query with engine.subgraph("name"). Available after engine.preanalysis().
Query Patterns
See references/query-patterns.md for common security analysis patterns.
See references/preanalysis-passes.md for pre-analysis pass documentation.
Decide Fit First
Design Intent
How To Use It
Boundaries And Review