From trailmark
Runs full Trailmark structural analysis on Trailmark 0.2.x by building a graph, running `preanalysis()`, and reporting hotspots, taint, blast radius, privilege boundaries, and attack surface. Use when vivisect needs detailed structural data for a target. Triggers: structural analysis, blast radius, taint analysis, complexity hotspots.
How this skill is triggered — by the user, by Claude, or both
Slash command
/trailmark:trailmark-structuralThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Builds a Trailmark graph and runs `engine.preanalysis()` to compute all
Builds a Trailmark graph and runs engine.preanalysis() to compute all
four pre-analysis passes.
trailmark-summary instead)trailmark skill directly)| Rationalization | Why It's Wrong | Required Action |
|---|---|---|
| "Summary analysis is enough" | Summary skips taint, blast radius, and privilege boundary data | Run full structural analysis when detailed data is needed |
| "One pass is sufficient" | Passes cross-reference each other — taint without blast radius misses critical nodes | Run all four passes |
| "Tool isn't installed, I'll analyze manually" | Manual analysis misses what tooling catches | Report "trailmark is not installed" and return |
| "Empty pass output means the pass failed" | Some passes produce no data for some codebases (e.g., no privilege boundaries) | Return full output regardless |
The target directory is passed via the args parameter.
Step 1: Check that trailmark is available.
trailmark analyze --help 2>/dev/null || \
uv run trailmark analyze --help 2>/dev/null
If neither command works, report "trailmark is not installed"
and return. Do NOT run pip install, uv pip install,
git clone, or any install command. The user must install
trailmark themselves.
Step 2: Detect languages with Trailmark's parse API.
python3 - "{args}" <<'PY'
import json
import sys
from trailmark.parse import detect_languages
print(json.dumps(detect_languages(sys.argv[1])))
PY
If the import fails, rerun the same snippet with uv run python - "{args}".
If the result is [], report "Trailmark found no supported languages under
target" and return.
Step 3: Run the full structural analysis via QueryEngine.
Run this snippet with python3. If the import fails, rerun the same snippet
under uv run python - "{args}".
python3 - "{args}" <<'PY'
import json
import sys
from trailmark.parse import detect_languages
from trailmark.query.api import QueryEngine
target = sys.argv[1]
languages = detect_languages(target)
engine = QueryEngine.from_directory(target, language="auto")
preanalysis = engine.preanalysis()
def summarize_subgraph(name: str, limit: int = 25) -> dict[str, object]:
nodes = engine.subgraph(name)
return {
"count": len(nodes),
"sample_ids": [node["id"] for node in nodes[:limit]],
}
payload = {
"languages": languages,
"summary": engine.summary(),
"preanalysis": preanalysis,
"attack_surface": engine.attack_surface()[:25],
"hotspots": engine.complexity_hotspots(10)[:25],
"subgraphs": {
name: summarize_subgraph(name)
for name in engine.subgraph_names()
},
}
print(json.dumps(payload, indent=2))
PY
Step 4: Verify the output.
The output should include:
languagessummarypreanalysishotspots (possibly empty)subgraphs with counts and sample IDsSome subgraphs may have zero nodes for some codebases (this is normal). Return the full JSON payload regardless.
npx claudepluginhub sandbox-open-tools/skills --plugin trailmarkGuides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Enforces test-driven development: write failing test first, then minimal code to pass. Use when implementing features or bugfixes.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
2plugins reuse this skill
First indexed Jul 18, 2026