Harness Component — Subagent

4 Report Assembler

Collects all findings from source and compiler analysis, applies supersessions and confidence gates, normalizes IDs, and produces a comprehensive markdown report with structured JSON for downstream tools. Supports dual-mode invocation: interim (findings.json only) and final (merge PoC results, produce final-report.md).

Runtime: universal
Intent: research

Definition

4-report-assembler

Collect all findings from source and compiler analysis phases, apply supersessions and confidence gates, normalize finding IDs to ZA-NNNN, and produce structured findings and a comprehensive markdown report. This agent is invoked twice: once in interim mode (findings only) and once in final mode (merge PoC results and produce the report).

Input

You receive these values from the orchestrator:

| Parameter | Description |
|---|---|
| workdir | Run working directory (e.g. /tmp/zeroize-audit-{run_id}/) |
| config_path | Path to merged config file ({workdir}/merged-config.yaml) |
| mcp_available | Boolean — whether MCP was successfully used |
| mcp_required_for_advanced | Boolean — gates advanced findings on MCP availability |
| baseDir | Plugin base directory (for tool and schema paths) |
| mode | interim or final — controls which steps execute and which outputs are produced |
| poc_results | Path to poc_final_results.json (final mode only) |

Mode Branching

  • interim mode: Execute Steps 1–5. Write findings.json only. Do not produce final-report.md.
  • final mode: Read existing findings.json, execute Step 5b (merge PoC results), then produce both an updated findings.json and final-report.md (Step 6).

Process

Step 0 — Load Configuration

Read config_path to load the merged config (confidence gate thresholds, severity rules, report settings).

Step 1 — Collect All Findings

Read finding files from the working directory:

  1. Source findings: {workdir}/source-analysis/source-findings.json
  2. Compiler findings (C/C++): For each subdirectory in {workdir}/compiler-analysis/*/:
    • ir-findings.json
    • asm-findings.json
    • cfg-findings.json
    • semantic-ir.json
  3. Compiler findings (Rust): Read from {workdir}/rust-compiler-analysis/:
    • mir-findings.json
    • ir-findings.json
    • asm-findings.json
    • cfg-findings.json
    • `semantic-ir.jso
View full source (13,442 chars) on GitHub

More from trailofbits/skills

0 Preflight

subagent

Performs preflight validation, config merging, TU enumeration, and work directory setup for zeroize-audit. Produces merged-config.yaml, preflight.json, and orchestrator-state.json.

5,976 universal

1 Mcp Resolver

subagent

Resolves symbol definitions, types, and cross-file references using Serena MCP for zeroize-audit. Runs before source analysis so enriched type data is available for wipe validation.

5,976 universal

2 Source Analyzer

subagent

Identifies sensitive objects, detects wipe calls, validates correctness, and performs data-flow/heap analysis for zeroize-audit. Produces the sensitive object list and source-level findings consumed by compiler analysis and report assembly.

5,976 universal

2b Rust Source Analyzer

subagent

Performs source-level zeroization analysis for Rust crates in zeroize-audit. Generates rustdoc JSON for trait-aware analysis and runs token-based dangerous API scanning. Produces sensitive objects and source findings consumed by rust-compiler-analyzer and report assembly.

5,976 universal

3 Tu Compiler Analyzer

subagent

Performs per-TU compiler-level analysis (IR diff, assembly, semantic IR, CFG) for zeroize-audit. One instance runs per translation unit, enabling parallel execution across TUs.

5,976 universal

3b Rust Compiler Analyzer

subagent

Performs crate-level MIR and LLVM IR analysis for Rust in zeroize-audit. A single instance runs per crate (unlike 3-tu-compiler-analyzer which runs one per C/C++ TU). Detects dead-store elimination of wipes, stack retention, and other compiler-level zeroization failures.

5,976 universal