Technical & DevelopmentIntermediate

sharp-edges

Identify error-prone APIs and dangerous configurations

Developer Setup

Setup & Installation

bash

npx skills add https://github.com/trailofbits/skills --skill sharp-edges

npx skills add https://github.com/trailofbits/skills --skill sharp-edges

Or paste this URL into your assistant to install:

https://github.com/trailofbits/skills/tree/main/plugins/sharp-edges View on GitHub

Overview

What This Skill Does

Evaluates whether APIs, configurations, and interfaces are resistant to developer misuse. Focuses on cases where the easy path leads to insecurity, such as algorithm selection footguns, dangerous defaults, silent failures, and stringly-typed security values. Applies the "pit of success" principle: secure usage should be the default, not an opt-in.

Application

When to use this Skill

Configuring integration settings for custom agent workflows.
Optimizing query execution and response latency in production.
Developing clean, standard-compliant implementations for enterprise services.
Troubleshooting connection timeouts and authentication handshakes.
Monitoring API rate limits and execution pipelines programmatically.

Documentation

Show Skills.md file

Sharp Edges

Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes through developer confusion, laziness, or malice.

When to Use

Reviewing API designs for security-relevant interfaces
Auditing configuration schemas that expose security choices
Evaluating cryptographic library ergonomics
Assessing authentication/authorization APIs
Any code review where developers make security-critical decisions

What It Does

Analyzes code and designs through the lens of three adversaries:

The Scoundrel: Can a malicious developer or attacker disable security via configuration?
The Lazy Developer: Will copy-pasting the first example lead to insecure code?
The Confused Developer: Can parameters be swapped without type errors?

Core Principle

The pit of success: Secure usage should be the path of least resistance. If developers must read documentation carefully or remember special rules to avoid vulnerabilities, the API has failed.

Installation

Lines 1 - 25 of 52

Recommendations

Explore other random skills

CreativeBeginner

rust-best-practices

Rust coding guidelines drawn from Apollo GraphQL's internal handbook

TechnicalBeginner

skill-creator

Create and structure Agent Skills focused on Apollo GraphQL

CreativeIntermediate

crypto-market-rank

Query crypto market rankings including trending tokens, smart money inflows, meme rankings, and top trader PnL leaderboards

All skills My patterns