Second Opinion
Description
Run code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on uncommitted changes, branch diffs, or specific commits.
Installation
claude install-skill https://github.com/trailofbits/skills/tree/main/plugins/second-opinion README
second-opinion
Run code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on uncommitted changes, branch diffs, or specific commits.
Prerequisites
OpenAI Codex CLI
- undefined
Google Gemini CLI
- undefined
Installation
/plugin marketplace add trailofbits/skills
/plugin install second-opinionUsage
/second-opinionThe command will prompt for:
- undefined
Quick invocation
/second-opinion check the uncommitted changes for security issuesInline arguments pre-fill the scope and focus, skipping redundant questions.
How It Works
Shells out to `codex review` and/or `gemini` CLI with high-capability model configurations. When both tools are selected (the default), runs Codex first then Gemini, presenting results side by side for comparison.
Codex MCP Tools
This plugin bundles Codex CLI's built-in MCP server (`codex mcp-server`), which auto-starts when the plugin is installed and provides two MCP tools:
- undefined
...
Related Skills
Defense in Depth
Implement multi-layered testing and security best practices.
SecLists Official Repository
[OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
Threat Hunting with Sigma Rules
Use Sigma detection rules to hunt for threats and analyze security events
Maintenance Walkthrough - 2026-03-29
- Re-triaged the full 2026-03-15 security finding set against current `main` and wrote a fresh current-head report in `docs/maintainers/security-findings-triage-2026-03-29-refresh.md`. - Added a match
Google Workspace Model Armor
Filter user-generated content for safety
Google Workspace Alert Center
Manage security alerts