npm - @vigolium/piolium - Versions diffs - 0.0.1 - Mend

@vigolium/piolium 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (271) hide show

package/LICENSE +21 -0
package/README.md +117 -0
package/agents/access-auditor.md +300 -0
package/agents/assumption-breaker.md +154 -0
package/agents/attack-designer.md +116 -0
package/agents/code-scanner.md +139 -0
package/agents/concurrency-auditor.md +238 -0
package/agents/confirm-writer.md +257 -0
package/agents/context-reviewer.md +274 -0
package/agents/cross-verifier.md +165 -0
package/agents/cve-scout.md +381 -0
package/agents/env-builder.md +282 -0
package/agents/env-profiler.md +205 -0
package/agents/evidence-collector.md +140 -0
package/agents/finding-grader.md +142 -0
package/agents/finding-writer.md +148 -0
package/agents/flow-tracer.md +106 -0
package/agents/goal-backtracer.md +146 -0
package/agents/history-miner.md +467 -0
package/agents/independent-verifier.md +118 -0
package/agents/intent-mapper.md +183 -0
package/agents/longshot-collector.md +128 -0
package/agents/longshot-prober.md +126 -0
package/agents/patch-auditor.md +73 -0
package/agents/poc-author.md +124 -0
package/agents/poc-runner.md +194 -0
package/agents/probe-lead.md +269 -0
package/agents/red-challenger.md +101 -0
package/agents/report-composer.md +208 -0
package/agents/review-adjudicator.md +216 -0
package/agents/spec-auditor.md +155 -0
package/agents/taint-tracer.md +265 -0
package/agents/test-locator.md +209 -0
package/agents/threat-modeler.md +132 -0
package/agents/variant-scanner.md +108 -0
package/agents/variant-spotter.md +110 -0
package/bin/piolium.mjs +376 -0
package/extensions/piolium/_vendor/yaml.bundle.d.mts +6 -0
package/extensions/piolium/_vendor/yaml.bundle.mjs +139 -0
package/extensions/piolium/agent-runner.ts +322 -0
package/extensions/piolium/agents.ts +266 -0
package/extensions/piolium/audit-state.ts +522 -0
package/extensions/piolium/bundled-resources.ts +97 -0
package/extensions/piolium/candidate-scan.ts +966 -0
package/extensions/piolium/command-target.ts +177 -0
package/extensions/piolium/console-stream.ts +57 -0
package/extensions/piolium/export-results.ts +380 -0
package/extensions/piolium/findings.ts +448 -0
package/extensions/piolium/heartbeat.ts +182 -0
package/extensions/piolium/help.ts +234 -0
package/extensions/piolium/index.ts +1865 -0
package/extensions/piolium/longshot.ts +530 -0
package/extensions/piolium/matcher-suggestions.ts +196 -0
package/extensions/piolium/matcher-utils.ts +83 -0
package/extensions/piolium/modes/balanced.ts +750 -0
package/extensions/piolium/modes/confirm-bootstrap.ts +186 -0
package/extensions/piolium/modes/confirm.ts +697 -0
package/extensions/piolium/modes/deep.ts +917 -0
package/extensions/piolium/modes/diff.ts +177 -0
package/extensions/piolium/modes/lite.ts +540 -0
package/extensions/piolium/modes/longshot.ts +595 -0
package/extensions/piolium/modes/merge.ts +204 -0
package/extensions/piolium/modes/phase-runner.ts +267 -0
package/extensions/piolium/modes/reinvest.ts +546 -0
package/extensions/piolium/modes/revisit.ts +279 -0
package/extensions/piolium/modes.ts +48 -0
package/extensions/piolium/phase-labels.ts +123 -0
package/extensions/piolium/phase-status-strip.ts +92 -0
package/extensions/piolium/prompt-prefix-editor.ts +39 -0
package/extensions/piolium/providers/anthropic-vertex.ts +836 -0
package/extensions/piolium/recon.ts +409 -0
package/extensions/piolium/result-stats.ts +105 -0
package/extensions/piolium/retry.ts +120 -0
package/extensions/piolium/scheduler.ts +212 -0
package/extensions/piolium/secrets.ts +368 -0
package/extensions/piolium/tools/web-tools.ts +148 -0
package/package.json +77 -0
package/skills/agentic-actions-auditor/SKILL.md +327 -0
package/skills/agentic-actions-auditor/references/action-profiles.md +186 -0
package/skills/agentic-actions-auditor/references/cross-file-resolution.md +209 -0
package/skills/agentic-actions-auditor/references/foundations.md +94 -0
package/skills/agentic-actions-auditor/references/vector-a-env-var-intermediary.md +77 -0
package/skills/agentic-actions-auditor/references/vector-b-direct-expression-injection.md +83 -0
package/skills/agentic-actions-auditor/references/vector-c-cli-data-fetch.md +83 -0
package/skills/agentic-actions-auditor/references/vector-d-pr-target-checkout.md +88 -0
package/skills/agentic-actions-auditor/references/vector-e-error-log-injection.md +88 -0
package/skills/agentic-actions-auditor/references/vector-f-subshell-expansion.md +82 -0
package/skills/agentic-actions-auditor/references/vector-g-eval-of-ai-output.md +91 -0
package/skills/agentic-actions-auditor/references/vector-h-dangerous-sandbox-configs.md +102 -0
package/skills/agentic-actions-auditor/references/vector-i-wildcard-allowlists.md +88 -0
package/skills/audit/SKILL.md +562 -0
package/skills/audit/assets/icon.svg +7 -0
package/skills/audit/hooks/scripts/validate_phase_output.py +550 -0
package/skills/audit/references/adversarial-review.md +148 -0
package/skills/audit/references/architecture-aware-sast.md +306 -0
package/skills/audit/references/audit-workflow.md +737 -0
package/skills/audit/references/chamber-protocol.md +384 -0
package/skills/audit/references/creative-attack-modes.md +221 -0
package/skills/audit/references/deep-analysis.md +273 -0
package/skills/audit/references/domain-attack-playbooks.md +1129 -0
package/skills/audit/references/knowledge-base-template.md +513 -0
package/skills/audit/references/real-env-validation.md +191 -0
package/skills/audit/references/report-templates.md +417 -0
package/skills/audit/references/triage-and-prereqs.md +134 -0
package/skills/audit/scripts/consolidate_drafts.py +554 -0
package/skills/audit/scripts/partition_findings.py +152 -0
package/skills/audit/scripts/rg-hotspots.sh +121 -0
package/skills/audit/scripts/stamp_file_state.py +349 -0
package/skills/code-reviewer/SKILL.md +65 -0
package/skills/codeql/SKILL.md +281 -0
package/skills/codeql/references/build-fixes.md +90 -0
package/skills/codeql/references/diagnostic-query-templates.md +339 -0
package/skills/codeql/references/extension-yaml-format.md +209 -0
package/skills/codeql/references/important-only-suite.md +153 -0
package/skills/codeql/references/language-details.md +207 -0
package/skills/codeql/references/macos-arm64e-workaround.md +179 -0
package/skills/codeql/references/performance-tuning.md +111 -0
package/skills/codeql/references/quality-assessment.md +172 -0
package/skills/codeql/references/ruleset-catalog.md +63 -0
package/skills/codeql/references/run-all-suite.md +92 -0
package/skills/codeql/references/sarif-processing.md +79 -0
package/skills/codeql/references/threat-models.md +51 -0
package/skills/codeql/workflows/build-database.md +280 -0
package/skills/codeql/workflows/create-data-extensions.md +261 -0
package/skills/codeql/workflows/run-analysis.md +301 -0
package/skills/differential-review/SKILL.md +220 -0
package/skills/differential-review/adversarial.md +203 -0
package/skills/differential-review/methodology.md +234 -0
package/skills/differential-review/patterns.md +300 -0
package/skills/differential-review/reporting.md +369 -0
package/skills/fp-check/SKILL.md +125 -0
package/skills/fp-check/references/bug-class-verification.md +114 -0
package/skills/fp-check/references/deep-verification.md +143 -0
package/skills/fp-check/references/evidence-templates.md +91 -0
package/skills/fp-check/references/false-positive-patterns.md +115 -0
package/skills/fp-check/references/gate-reviews.md +27 -0
package/skills/fp-check/references/standard-verification.md +78 -0
package/skills/insecure-defaults/SKILL.md +117 -0
package/skills/insecure-defaults/references/examples.md +409 -0
package/skills/last30days/SKILL.md +444 -0
package/skills/sarif-parsing/SKILL.md +483 -0
package/skills/sarif-parsing/resources/jq-queries.md +162 -0
package/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
package/skills/security-threat-model/LICENSE.txt +201 -0
package/skills/security-threat-model/SKILL.md +81 -0
package/skills/security-threat-model/agents/openai.yaml +4 -0
package/skills/security-threat-model/references/prompt-template.md +255 -0
package/skills/security-threat-model/references/security-controls-and-assets.md +32 -0
package/skills/semgrep/SKILL.md +212 -0
package/skills/semgrep/references/rulesets.md +162 -0
package/skills/semgrep/references/scan-modes.md +110 -0
package/skills/semgrep/references/scanner-task-prompt.md +140 -0
package/skills/semgrep/scripts/merge_sarif.py +203 -0
package/skills/semgrep/workflows/scan-workflow.md +311 -0
package/skills/semgrep-rule-creator/SKILL.md +168 -0
package/skills/semgrep-rule-creator/references/quick-reference.md +202 -0
package/skills/semgrep-rule-creator/references/workflow.md +240 -0
package/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
package/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
package/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
package/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
package/skills/sharp-edges/SKILL.md +292 -0
package/skills/sharp-edges/references/auth-patterns.md +252 -0
package/skills/sharp-edges/references/case-studies.md +274 -0
package/skills/sharp-edges/references/config-patterns.md +333 -0
package/skills/sharp-edges/references/crypto-apis.md +190 -0
package/skills/sharp-edges/references/lang-c.md +205 -0
package/skills/sharp-edges/references/lang-csharp.md +285 -0
package/skills/sharp-edges/references/lang-go.md +270 -0
package/skills/sharp-edges/references/lang-java.md +263 -0
package/skills/sharp-edges/references/lang-javascript.md +269 -0
package/skills/sharp-edges/references/lang-kotlin.md +265 -0
package/skills/sharp-edges/references/lang-php.md +245 -0
package/skills/sharp-edges/references/lang-python.md +274 -0
package/skills/sharp-edges/references/lang-ruby.md +273 -0
package/skills/sharp-edges/references/lang-rust.md +272 -0
package/skills/sharp-edges/references/lang-swift.md +287 -0
package/skills/sharp-edges/references/language-specific.md +588 -0
package/skills/spec-to-code-compliance/SKILL.md +357 -0
package/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
package/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
package/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
package/skills/supply-chain-risk-auditor/SKILL.md +67 -0
package/skills/supply-chain-risk-auditor/resources/results-template.md +41 -0
package/skills/variant-analysis/METHODOLOGY.md +327 -0
package/skills/variant-analysis/SKILL.md +142 -0
package/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
package/skills/variant-analysis/resources/codeql/go.ql +69 -0
package/skills/variant-analysis/resources/codeql/java.ql +71 -0
package/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
package/skills/variant-analysis/resources/codeql/python.ql +80 -0
package/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
package/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
package/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
package/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
package/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
package/skills/variant-analysis/resources/variant-report-template.md +75 -0
package/skills/vuln-report/SKILL.md +137 -0
package/skills/vuln-report/agents/openai.yaml +4 -0
package/skills/vuln-report/references/report-template.md +135 -0
package/skills/wooyun-legacy/SKILL.md +367 -0
package/skills/wooyun-legacy/references/bank-penetration.md +222 -0
package/skills/wooyun-legacy/references/checklists/command-execution-checklist.md +119 -0
package/skills/wooyun-legacy/references/checklists/csrf-checklist.md +74 -0
package/skills/wooyun-legacy/references/checklists/file-upload-checklist.md +108 -0
package/skills/wooyun-legacy/references/checklists/info-disclosure-checklist.md +114 -0
package/skills/wooyun-legacy/references/checklists/logic-flaws-checklist.md +95 -0
package/skills/wooyun-legacy/references/checklists/misconfig-checklist.md +124 -0
package/skills/wooyun-legacy/references/checklists/path-traversal-checklist.md +87 -0
package/skills/wooyun-legacy/references/checklists/rce-checklist.md +93 -0
package/skills/wooyun-legacy/references/checklists/sql-injection-checklist.md +97 -0
package/skills/wooyun-legacy/references/checklists/ssrf-checklist.md +99 -0
package/skills/wooyun-legacy/references/checklists/unauthorized-access-checklist.md +89 -0
package/skills/wooyun-legacy/references/checklists/weak-password-checklist.md +115 -0
package/skills/wooyun-legacy/references/checklists/xss-checklist.md +103 -0
package/skills/wooyun-legacy/references/checklists/xxe-checklist.md +130 -0
package/skills/wooyun-legacy/references/info-disclosure.md +975 -0
package/skills/wooyun-legacy/references/logic-flaws.md +721 -0
package/skills/wooyun-legacy/references/path-traversal.md +1191 -0
package/skills/wooyun-legacy/references/telecom-penetration.md +156 -0
package/skills/wooyun-legacy/references/unauthorized-access.md +980 -0
package/skills/wooyun-legacy/references/xss.md +746 -0
package/skills/zeroize-audit/SKILL.md +371 -0
package/skills/zeroize-audit/configs/c.yaml +21 -0
package/skills/zeroize-audit/configs/default.yaml +128 -0
package/skills/zeroize-audit/configs/rust.yaml +83 -0
package/skills/zeroize-audit/prompts/report_template.md +238 -0
package/skills/zeroize-audit/prompts/system.md +163 -0
package/skills/zeroize-audit/prompts/task.md +97 -0
package/skills/zeroize-audit/references/compile-commands.md +231 -0
package/skills/zeroize-audit/references/detection-strategy.md +191 -0
package/skills/zeroize-audit/references/ir-analysis.md +252 -0
package/skills/zeroize-audit/references/mcp-analysis.md +221 -0
package/skills/zeroize-audit/references/poc-generation.md +470 -0
package/skills/zeroize-audit/references/rust-zeroization-patterns.md +867 -0
package/skills/zeroize-audit/schemas/input.json +83 -0
package/skills/zeroize-audit/schemas/output.json +140 -0
package/skills/zeroize-audit/tools/analyze_asm.sh +202 -0
package/skills/zeroize-audit/tools/analyze_cfg.py +381 -0
package/skills/zeroize-audit/tools/analyze_heap.sh +211 -0
package/skills/zeroize-audit/tools/analyze_ir_semantic.py +429 -0
package/skills/zeroize-audit/tools/diff_ir.sh +135 -0
package/skills/zeroize-audit/tools/diff_rust_mir.sh +189 -0
package/skills/zeroize-audit/tools/emit_asm.sh +67 -0
package/skills/zeroize-audit/tools/emit_ir.sh +77 -0
package/skills/zeroize-audit/tools/emit_rust_asm.sh +178 -0
package/skills/zeroize-audit/tools/emit_rust_ir.sh +150 -0
package/skills/zeroize-audit/tools/emit_rust_mir.sh +158 -0
package/skills/zeroize-audit/tools/extract_compile_flags.py +284 -0
package/skills/zeroize-audit/tools/generate_poc.py +1329 -0
package/skills/zeroize-audit/tools/mcp/apply_confidence_gates.py +113 -0
package/skills/zeroize-audit/tools/mcp/check_mcp.sh +68 -0
package/skills/zeroize-audit/tools/mcp/normalize_mcp_evidence.py +125 -0
package/skills/zeroize-audit/tools/scripts/check_llvm_patterns.py +481 -0
package/skills/zeroize-audit/tools/scripts/check_mir_patterns.py +554 -0
package/skills/zeroize-audit/tools/scripts/check_rust_asm.py +424 -0
package/skills/zeroize-audit/tools/scripts/check_rust_asm_aarch64.py +300 -0
package/skills/zeroize-audit/tools/scripts/check_rust_asm_x86.py +283 -0
package/skills/zeroize-audit/tools/scripts/find_dangerous_apis.py +375 -0
package/skills/zeroize-audit/tools/scripts/semantic_audit.py +923 -0
package/skills/zeroize-audit/tools/track_dataflow.sh +196 -0
package/skills/zeroize-audit/tools/validate_rust_toolchain.sh +298 -0
package/skills/zeroize-audit/workflows/phase-0-preflight.md +150 -0
package/skills/zeroize-audit/workflows/phase-1-source-analysis.md +144 -0
package/skills/zeroize-audit/workflows/phase-2-compiler-analysis.md +139 -0
package/skills/zeroize-audit/workflows/phase-3-interim-report.md +46 -0
package/skills/zeroize-audit/workflows/phase-4-poc-generation.md +46 -0
package/skills/zeroize-audit/workflows/phase-5-poc-validation.md +136 -0
package/skills/zeroize-audit/workflows/phase-6-final-report.md +44 -0
package/skills/zeroize-audit/workflows/phase-7-test-generation.md +42 -0
package/themes/piolium-srcery.json +94 -0

package/skills/sharp-edges/references/lang-swift.md ADDED Viewed

@@ -0,0 +1,287 @@
+# Swift Sharp Edges
+## Force Unwrapping
+```swift
+// DANGEROUS: Crashes on nil
+let value = optionalValue!  // Runtime crash if nil
+// Common in:
+let cell = tableView.dequeueReusableCell(...)!
+let url = URL(string: userInput)!
+let data = try! JSONDecoder().decode(...)
+// DANGEROUS: Implicitly Unwrapped Optionals
+var name: String!  // IUO - crashes if accessed while nil
+class ViewController: UIViewController {
+    @IBOutlet weak var label: UILabel!  // Nil before viewDidLoad
+}
+```
+**Fix**: Use optional binding or nil-coalescing:
+```swift
+if let value = optionalValue {
+    use(value)
+}
+let value = optionalValue ?? defaultValue
+guard let value = optionalValue else { return }
+```
+## try! and try?
+```swift
+// DANGEROUS: try! crashes on error
+let data = try! Data(contentsOf: url)
+// DANGEROUS: try? silently converts error to nil
+let data = try? Data(contentsOf: url)
+// No way to know if failure was "file not found" or "permission denied"
+// DANGEROUS: Ignoring error completely
+do {
+    try riskyOperation()
+} catch {
+    // Error swallowed
+}
+```
+**Fix**: Handle errors explicitly:
+```swift
+do {
+    let data = try Data(contentsOf: url)
+} catch let error as NSError where error.code == NSFileNoSuchFileError {
+    // Handle file not found
+} catch {
+    // Handle other errors
+}
+```
+## as! Force Cast
+```swift
+// DANGEROUS: Crashes if cast fails
+let user = object as! User
+// Common antipattern:
+let cell = tableView.dequeueReusableCell(...) as! CustomCell
+// Crashes if wrong identifier or wrong class
+```
+**Fix**: Use conditional cast:
+```swift
+if let user = object as? User {
+    use(user)
+}
+guard let user = object as? User else {
+    return  // or handle error
+}
+```
+## String/NSString Bridging
+```swift
+// DANGEROUS: Different indexing semantics
+let nsString: NSString = "café"
+let swiftString = nsString as String
+nsString.length        // 5 (UTF-16 code units)
+swiftString.count      // 4 (extended grapheme clusters)
+// Range confusion:
+let range = nsString.range(of: "é")  // NSRange (UTF-16)
+// Can't directly use with String (uses String.Index)
+// DANGEROUS: Emoji handling
+let emoji = "👨‍👩‍👧‍👦"  // Family emoji
+emoji.count           // 1 (grapheme cluster)
+emoji.utf16.count     // 11 (UTF-16)
+(emoji as NSString).length  // 11
+```
+## Reference Cycles
+```swift
+// DANGEROUS: Strong reference cycles cause memory leaks
+class Person {
+    var apartment: Apartment?
+}
+class Apartment {
+    var tenant: Person?  // Strong reference
+}
+let john = Person()
+let apt = Apartment()
+john.apartment = apt
+apt.tenant = john  // Cycle! Neither deallocated
+// DANGEROUS: Closures capture self strongly
+class MyClass {
+    var callback: (() -> Void)?
+    func setup() {
+        callback = {
+            self.doSomething()  // Strong capture of self
+        }
+    }
+}
+```
+**Fix**: Use `weak` or `unowned`:
+```swift
+class Apartment {
+    weak var tenant: Person?  // Weak breaks cycle
+}
+callback = { [weak self] in
+    self?.doSomething()
+}
+```
+## Array/Dictionary Thread Safety
+```swift
+// DANGEROUS: Collections are not thread-safe
+var array = [Int]()
+// Thread 1:
+array.append(1)
+// Thread 2:
+array.append(2)
+// Crash or corruption possible!
+```
+**Fix**: Use serial dispatch queue, locks, or actors (Swift 5.5+):
+```swift
+actor SafeStorage {
+    private var items = [Int]()
+    func add(_ item: Int) {
+        items.append(item)
+    }
+}
+```
+## Numeric Overflow
+```swift
+// In debug: crashes (overflow check)
+// In release: also crashes by default (unlike C)
+let x: Int8 = 127
+let y = x + 1  // Fatal error: arithmetic overflow
+// BUT: If using &+ operators, wraps silently
+let y = x &+ 1  // -128 (wrapping)
+```
+This is safer than C, but `&+` operators can still cause issues.
+## Uninitialized Properties
+```swift
+// DANGEROUS: Accessing before initialization
+class MyClass {
+    var value: Int
+    init() {
+        print(value)  // Compile error in Swift, thankfully
+        value = 42
+    }
+}
+// BUT: @objc interop can bypass
+// AND: Unsafe pointers have no initialization guarantees
+```
+## Protocol Witness Table Issues
+```swift
+// DANGEROUS: Protocol with Self requirement
+protocol Equatable {
+    static func ==(lhs: Self, rhs: Self) -> Bool
+}
+// Can't use heterogeneously:
+var items: [Equatable] = [...]  // Error!
+// Must use type erasure or existentials
+```
+## KeyPath Subscript Confusion
+```swift
+// DANGEROUS: Similar syntax, different behavior
+struct User {
+    var name: String
+    subscript(key: String) -> String? { ... }
+}
+user["name"]       // Calls subscript
+user[keyPath: \.name]  // Uses KeyPath
+// Easy to confuse when debugging
+```
+## Codable Pitfalls
+```swift
+// DANGEROUS: Decoding fails silently with wrong types
+struct User: Codable {
+    var id: Int
+}
+// JSON: {"id": "123"}  // String, not Int
+// Throws DecodingError, but often caught broadly
+// DANGEROUS: Missing keys
+struct User: Codable {
+    var id: Int
+    var name: String  // Required
+}
+// JSON: {"id": 1}  // Missing "name"
+// Throws, but error message may not be clear
+```
+**Fix**: Use explicit CodingKeys and handle errors:
+```swift
+struct User: Codable {
+    var id: Int
+    var name: String?  // Optional for missing keys
+    enum CodingKeys: String, CodingKey {
+        case id
+        case name
+    }
+}
+```
+## Objective-C Interop
+```swift
+// DANGEROUS: Objective-C returns nullable even when Swift sees non-optional
+@objc func legacyMethod() -> NSString  // May actually return nil
+// DANGEROUS: Objective-C exceptions not caught by Swift
+// NSException bypasses Swift error handling
+// DANGEROUS: Objective-C performSelector
+let result = obj.perform(NSSelectorFromString(userInput))
+// Can call any method!
+```
+## Detection Patterns
+| Pattern | Risk |
+|---------|------|
+| `!` force unwrap | Crash on nil |
+| `as!` force cast | Crash on type mismatch |
+| `try!` | Crash on error |
+| `try?` without handling nil | Silent failure |
+| `String!` IUO types | Deferred crash |
+| Closure capturing `self` without `[weak self]` | Memory leak |
+| Collections modified from multiple threads | Race condition |
+| NSString/String conversion with ranges | Index mismatch |
+| `&+`, `&-`, `&*` operators | Silent overflow |
+| `@objc` methods returning non-optional | Nil bridge issues |