What happens if I don't have a formal security report?

While providing a report allows for automated matching, the skill can still analyze commit ranges for general bug introduction patterns and security regressions without a baseline report.

Does this skill only check if the commit message mentions a fix?

No. The skill is designed to ignore potentially misleading commit messages and verify the actual code logic against the audit findings to ensure the root cause is addressed.

What types of security reports does this skill support?

It supports local files in PDF, Markdown, JSON, and HTML formats, as well as web URLs and Google Drive links. It is specifically optimized for Trail of Bits finding patterns.

Can it detect if a security fix introduces new vulnerabilities?

Yes, it includes a dedicated phase to scan for security anti-patterns such as access control weakening, validation removal, or improper error handling in the new changes.

Security Fix Reviewer

Name: Security Fix Reviewer
Author: fjor1025

byfjor1025

0•

Security & Testing

Verifies that security audit remediations are correctly implemented in git commits without introducing new vulnerabilities.

The fix-review skill provides a systematic framework for validating security audit remediations within your development workflow. By performing differential analysis between baseline and target commits, it ensures that specific security findings—such as those in Trail of Bits format—are fully addressed. The skill cross-references code changes with audit recommendations, scans for common security anti-patterns, and generates detailed verification reports, helping teams maintain a secure and stable codebase throughout the post-audit remediation process.

Key Features

010 GitHub stars

02Differential commit analysis to verify specific remediation logic

03Structured finding status tracking (Fixed, Partial, Not Addressed)

04Automated security audit report parsing for PDF, MD, and JSON formats

05Security anti-pattern detection to prevent new bug introduction

06Comprehensive FIX_REVIEW_REPORT.md generation with evidence logs

Use Cases

01Systematically tracking the status of remediation efforts across complex commit ranges

02Performing post-remediation reviews to ensure no regressions were introduced during bug fixes

03Validating that a fix branch correctly addresses all findings from a third-party security audit

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fjor1025/infosec-framework fix-review

For use in Claude.ai and ChatGPT

Download Skill