AI Agent Instructions for Smart Contract Auditing to generate triaged, industry-grade report findings, code locations, PoCs, attacker story flow graphs and more

forefy/.context

AI Agent Instructions for Security Auditing

Quick Start

curl -fsSL https://raw.githubusercontent.com/forefy/.context/main/install.sh | bash

The installer will prompt you to select your platform and automatically configure everything.

What is this?

Security audit instructions for AI agents. Turn GitHub Copilot, Claude Code, or any coding agent into a specialized security auditor.

Before: .context repo setup



After: Starting security analysis



Final: Generated Security Report

Usage

Copilot CLI (copilot)

Skills are auto-installed to .claude/skills/ and referenced by name:

@smart-contract-security-audit Review this Solidity project

Skills use the Agent Skills open standard.

GitHub Copilot (VSCode/IDE)

Skills are auto-installed to .claude/skills/ and referenced by name:

@smart-contract-security-audit

Custom slash commands are auto-installed to .github/prompts/:

/generate_audit_report_generic

Claude Code

Skills are auto-installed to .claude/skills/ and referenced by name:

@smart-contract-security-audit

Available Skills

Skills follow the Agent Skills open standard - compatible with both GitHub Copilot and Claude Code.

Comprehensive Audits:

  • smart-contract-security-audit - Full smart contract audit framework with multi-expert analysis for Solidity, Anchor, and Vyper. Includes language-specific checks and vulnerability pattern references.
  • infrastructure-security-audit - Infrastructure security audit framework for IaC, Docker, Kubernetes, and cloud configurations.

Each skill is a directory with:

  • SKILL.md - Main framework and instructions
  • Language-specific reference files (loaded as needed for token efficiency)
  • reference/ - Vulnerability patterns organized by language
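Skill files are instructions an agent will act on, so it helps to record exactly what the installer placed on disk. The following is an added example, not part of the forefy/.context project: shell functions that check each skill directory for SKILL.md and hash every file so later changes show up as a diff. The function names are hypothetical; the .claude/skills default is the install location named under Usage.

```bash
# Added example: inventory and hash installed skills for review.
# Assumption: skills live under the directory passed as $1
# (default .claude/skills, the location this README names).

# Pick a SHA-256 tool (sha256sum on Linux, shasum on macOS).
hash_cmd() {
  if command -v sha256sum >/dev/null 2>&1; then echo "sha256sum"
  else echo "shasum -a 256"; fi
}

# Print one line per skill: "<name> OK|MISSING_SKILL_MD <file count>".
# Returns 1 if any skill directory lacks SKILL.md, 2 if the root is absent.
check_skills() {
  local root="${1:-.claude/skills}" rc=0 dir name count
  [ -d "$root" ] || { echo "no skills directory: $root" >&2; return 2; }
  for dir in "$root"/*/; do
    [ -d "$dir" ] || continue
    name="$(basename "$dir")"
    count="$(find "$dir" -type f | wc -l | tr -d ' ')"
    if [ -f "${dir}SKILL.md" ]; then
      echo "$name OK $count"
    else
      echo "$name MISSING_SKILL_MD $count"
      rc=1
    fi
  done
  return "$rc"
}

# Print a path-sorted "hash  ./relative/path" manifest of every skill file.
skills_manifest() {
  local root="${1:-.claude/skills}"
  ( cd "$root" && find . -type f -exec $(hash_cmd) {} + | LC_ALL=C sort -k2 )
}

# Compare the current tree with a saved manifest.
# Exit status is non-zero when any file was added, removed, or modified.
skills_drift() {
  local baseline="$1" root="${2:-.claude/skills}"
  skills_manifest "$root" | diff -u "$baseline" -
}
```

Source the file in a repository where the installer has run, save the output of skills_manifest after reviewing the skills, and run skills_drift against that saved file after any reinstall or update.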

Prompts

Custom slash commands for Copilot (auto-installed to .github/prompts/):

  • /generate_audit_report_generic - Create comprehensive audit docs
  • /consolidate_audit_reports - Merge multiple audit runs
  • /triage_audit_findings_generic - Validate and filter findings

Vulnerability Patterns

Vulnerability patterns are organized within each skill's reference/ directory:

  • smart-contract-security-audit/reference/solidity/ - Solidity vulnerability patterns (fv-sol-X)
  • smart-contract-security-audit/reference/anchor/ - Anchor/Solana patterns (fv-anc-X)
  • smart-contract-security-audit/reference/vyper/ - Vyper patterns (fv-vyp-X)

Skills automatically reference these patterns during audits using progressive disclosure for token efficiency.

Output

Audits generate numbered folders in .context/outputs/:

  • audit-report.md - Security findings
  • audit-context.md - Scope and assumptions
  • audit-debug.md - Technical analysis log
