Grill (Adversarial Code Challenge)

Trust Score 87/100

Performs adversarial stress-testing of code to find edge cases, race conditions, security holes, and logical flaws before deployment.

triggers:grillattackadversarialstress-testvulnerabilitysecurityedge-cases

GitHub SKILL.md

What it does

The Grill skill systematically attacks target code to reveal vulnerabilities, edge-cases, race conditions, and logical bugs that normal reviews often miss. It defines a structured workflow: target analysis, categorized attack vectors (input, state, boundary, logic, error paths), reproducible proofs, severity ratings, and hardening recommendations.

When to use it

Use before deploying critical code (authentication, payments, data handling), after complex changes, or when auditing fixes. Not intended for generic code quality reviews — it's adversarial and focused on breaking behavior.

What's included

Scripts: none bundled in the skill snapshot
References: none bundled, but the skill includes command snippets and checklist workflows for targeted testing and grep-based pattern searches.
Instructions: step-by-step grilling workflow, attack categories, verification protocol, and an output template for vulnerability reports and resilience scoring.

Compatible agents

Designed for code-review and security-focused agents (Claude Code, Cursor, Codex, advanced LLM-based security scanners).

Audit Summary

Grill is an adversarial code review skill that guides an agent through systematic stress-testing across 5 attack categories (input, state, boundary, logic, error path). No scripts included — purely instructional via SKILL.md. The skill is well-structured with clear steps, detailed attack tables, and a resilience scoring formula. Security posture is strong: read-only by design, restricted tool access, no network calls or credentials.

Watch Out

Bash tool access is broad despite the skill stating read-only — agent could theoretically execute modifications
No scripts to validate — purely instructional skill
Attack vectors reference TypeScript-specific patterns (as, !, @ts-ignore) which limits applicability for other languages

Notes

Clean instructional skill with no scripts. The adversarial review methodology is thorough and well-documented. The allowed-tools field correctly restricts to Read, Bash, Glob, Grep. Minor architectural concern: single monolithic SKILL.md could benefit from splitting attack tables into references/. The bash access is broader than needed but the skill explicitly mandates read-only operation.

Information

Repository: specialist-agent
Stars: 12
Installs: 0

Trust Score

Overall87

Security95

Code Quality82

Architecture76

Usefulness85

More from specialist-agent

Test-Driven Development (TDD)

Run disciplined TDD cycles: write a failing test, implement the minimal fix, then refactor — for features and bugfixes where correctness matters.

/verify — Verification Before Completion

Run fresh verification commands (tests, build, lint, types) and require full output evidence before claiming work is complete or merging changes.

/learn — Interactive Learning Mode

Teaching-first implementation assistant: explains why decisions are made, walks through architecture, and produces incremental code with pedagogy for onboarding

Adaptive Planning (/plan)

Generate an implementation plan matched to task complexity — from quick mini-plans to full design documents — before writing code or making large changes.

Systematic Debug (/debug)

A four-phase, evidence-first debugging methodology agent skill: gather evidence, analyze patterns, formulate hypotheses, and implement & prove fixes.

Smart Commit (conventional commit generator)

Generate and apply conventional commit messages with automatic type & scope detection plus pre-commit validation for secrets and debug artifacts.

Conversion Rate Optimization (CRO)

Audit landing pages and user flows to find conversion friction and deliver prioritized, testable A/B recommendations.

Migration: Migrate Module

Automates a multi-phase migration of an Angular module to a target architecture with approval gates and validation after each phase.

Next.js: Migration — Migrate Component

Convert a Next.js Pages Router component/page to the App Router pattern, updating routing, data fetching, and component boundaries for Next.js App Router.

Review Review

Use when code changes need review before merge - validates architecture, types, security, and test coverage.

Related Skills

Development Worktree

Create an isolated git worktree for feature work, auto-run project setup, and verify a clean test baseline before development.

TradeOS

Natural-language driven CEX trading and portfolio management for agents: API key vaulting, multi-exchange orders, DCA, arbitrage scanning, alerts and security r

Full Stack Builder

End-to-end builder that scaffolds, implements, tests, and optionally deploys web and API applications from a natural-language specification.

Claw Bench

Benchmarking skill that guides an agent through a structured suite of capability tests and reporting steps for leaderboard submission.

Java 25 & Spring Boot 4 Code Reviewer

Run focused, evidence-based code reviews for Java 25 and Spring Boot 4 projects — migration risks, architecture boundaries, null-safety (JSpecify), security, an

ArcKit — French Public Procurement (fr-marche-public)

Generates French public procurement (Dossier de Consultation des Entreprises) drafts aligned with the Code de la Commande Publique, UGAP frameworks, and DINUM d

Speak Security Basics

Security best practices for integrating Speak: API key management, audio data privacy, student data protection, and COPPA/FERPA compliance for production deploy

Apollo Security Basics

Practical security best-practices for integrating with the Apollo.io API: safe key storage, PII redaction, minimal permissions, rotation, and automated audit ch

Grill (Adversarial Code Challenge)

What it does

When to use it

What's included

Compatible agents