Debug Pysa false negatives by comparing outputs and locating lost taint flows.
The material indicates this is essentially a prompt-based debugging workflow from an open-source repository, and the system flags it as prompt-only with no declared secrets or remote endpoints. Overall risk is low, though the README includes local command and internal URL/directory examples, so users should still avoid exposing internal data or executing steps in inappropriate environments.
The material explicitly says no keys or environment variables are required, and the README does not request API tokens, account credentials, or persistent authentication data; no direct credential collection or abuse pattern is evident.
No remote endpoint is declared, and the system checks do not indicate network activity. The internalfb issue URL in the README appears to be an input example, with no stated behavior of sending user data to third-party services.
The system has classified it as prompt-only; although the README shows commands like `db` and `buck run` as manual debugging steps, the material indicates documentation/prompt content rather than a built-in executable tool, so there is no evidence of automatic code execution by the skill itself.
The skill description involves comparing two Pysa output directories and parsing issue information, but as prompt-only material it does not itself declare automatic read/write access to files, databases, or system resources; no sign of overbroad authorization is present.
The source points to the open-source GitHub repository `facebook/pyre-check`, making the code auditable, which is a strong risk-reducing factor. While 0 stars, no declared license, and unknown maintenance add some sustainability uncertainty, they are not sufficient on their own to raise this to high risk.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "pysa-false-negative-debugger" skill from askskill: 1. Download https://raw.githubusercontent.com/facebook/pyre-check/main/.llms/skills/pysa-false-negative-debugger/SKILL.md 2. Save it as ~/.claude/skills/pysa-false-negative-debugger/SKILL.md 3. Reload skills and tell me it's ready
Help me debug a Pysa false negative. I expect this source parameter to reach a sink, but no issue is reported. Analyze where the taint flow may be lost across the call chain, models, or feature handling, and suggest debugging steps.
Identifies likely breakpoints in the taint flow, key inspection points, and next validation steps.
I have two Pysa output directories, one from an older version and one from a newer version. Compare them, find why the newer run is missing an expected taint issue, and point out the likely affected rules, models, or call relationships.
Provides a diff summary and explains potential reasons and clues for the missing issue.
Using this code and Pysa analysis results, trace the taint propagation from source to sink and pinpoint exactly where it is cut off in a function, return value, parameter passing step, or model definition.
Returns a clear propagation path and highlights the exact location where taint is lost.
Systematic workflow that identifies exactly where and why taint flow is lost by comparing two Pysa result directories. Accepts static analysis issue URLs (e.g., https://www.internalfb.com/security/static_analysis/issue/<issue_instance_id>?database=<database>).
REQUIRED BACKGROUND: Load the pysa-json-models skill to understand trace element syntax (ports, call info, kinds).
The user must provide:
https://www.internalfb.com/security/static_analysis/issue/<issue_instance_id>?database=<database>From the URL, extract:
216172782209137158)database query parameter (e.g., xdb.pysa-instagram-sharded.1)Get the issue handle:
db <database> -e "SELECT handle FROM issues WHERE id=(SELECT issue_id FROM issue_instances WHERE id=<issue_instance_id>);"
If the query fails, ask the user for help.
Example handle:
accounts.service.Service.async_is_phone_suspicious:5120:0:Call|accounts.service.Service._async_helper|0|f:ec82abb59a9d0e207fe4f5acc361f0ad
Extract:
: (e.g., accounts.service.Service.async_is_phone_suspicious): (e.g., 5120)All commands below use buck run to invoke the explorer. The shorthand <explorer> means:
buck run fbcode//tools/pyre/tools/pysa_model_explorer_cli:pysa_model_explorer --
Run <explorer> --help for usage details.
Suppressing build noise: Always append 2>/dev/null to explorer commands to suppress buck build output that clutters the results. Only retry without 2>/dev/null if the command produces empty or unexpected output, so you can see the actual error message from buck.
Confirm the issue exists in FOUND:
<explorer> /tmp/FOUND get-issues <root-callable> --handle <handle>
If not found, ask the user for help.
Confirm it does NOT exist (or is very different) in NOT-FOUND:
<explorer> /tmp/NOT-FOUND get-issues <root-callable> --code <code>
The result should be empty or contain very different issues (different locations).
Check these options in order: A → B → C.
In the issue from FOUND, examine "traces" → entries with "name": "forward".
Each root (trace element) may have multiple kinds with different "length" values. Pick the root whose minimum "length" across its kinds is smallest (missing length = 0, which is always shortest).
If it's an origin: the source comes from a user-annotated function. Check if at least one of the leaves have a model in NOT-FOUND:
<explorer> /tmp/NOT-FOUND get-model <leaf-callable> --show sources --kind <kind>
If none of the leaves have source taint in NOT-FOUND, taint is lost at one of these leaf callables. If at least one does, the source trace is intact — move to Option B.
If it's a call with "resolves_to": [<callee-callable>, ...]: check if those callables have source taint in NOT-FOUND. If there are multiple entries (overrides), check all of them — taint is lost only if ALL are missing:
<explorer> /tmp/NOT-FOUND get-model <callee-callable> --show sources --kind <kind>
Interpret the results:
…
Apply the right commit prefix, reviewer, and test plan for code changes.
Read, write, and debug Pysa JSON taint models and .models output.
Run, debug, and update Pysa taint analysis end-to-end integration tests.
Understand the Pyre/Pysa architecture and locate key implementations quickly.
Get idiomatic Relay guidance for React code, debugging, and code reviews.
Write and run Markdown-driven end-to-end tests for Relay apps.
Analyze bugs and tracebacks to find root causes and likely fixes.
Lets AI inspect runtime evidence to diagnose and fix root causes.
Systematically reproduce, isolate, diagnose, and fix tricky software or environment issues.
Perform static taint analysis on Python code to detect security vulnerabilities.
Analyze memory dumps for forensic investigations with fast, plugin-rich workflows.
Debug ARM Cortex-M targets via GDB/OpenOCD with inspection and peripheral decoding.