Skip to content

metacircu1ar/audit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
skills
skills
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Audit Skills

A library of focused audit skills for AI coding agents. Each skill is a small, self-contained playbook that an agent can run against a real codebase and report concrete findings with file paths, line numbers, impact, and suggested fixes.

These skills are intentionally general. They are not tied to a specific agent product, package registry, or command system.

Skills

Skill Purpose
audit-input-validation Audit client and server validation for user-controlled input.
audit-auth-and-access-control Audit auth flows, sessions, roles, admin routes, and cross-user data isolation.
audit-secrets-and-config Audit hardcoded secrets, env validation, and webhook signatures.
audit-rate-limiting Audit API route rate-limit coverage and policy fit.
audit-cors Audit CORS configuration and origin allowlists.
audit-database-performance Audit indexes, pagination, unbounded queries, and connection pool risks.
audit-resilience-and-observability Audit error boundaries, external IO, health checks, logs, and backups.
audit-asset-pipeline Audit uploads, local file storage, CDN/object storage, and asset delivery.
audit-type-safety Audit TypeScript type-safety bypasses and unchecked external data.
security-review Run an umbrella security review that composes the focused web skills.
ios-prelaunch-checklist Audit iOS App Store assets, technical setup, legal readiness, and signing.

Install

Clone this repository and point your agent runtime at the skills/ directory, or copy individual skill folders into the skill directory used by your agent.

git clone <repo-url> audit-skills

Each skill lives at:

skills/<skill-name>/SKILL.md

If your agent supports explicit skill paths, invoke a skill by naming the folder or passing the path to its SKILL.md.

Usage

Ask your agent to use one focused skill for a narrow audit:

Use audit-input-validation to audit this repository's forms and API endpoints.

Use security-review when you want a broad prelaunch pass:

Use security-review to audit this web app before launch.

The expected output is not a generic checklist. A useful run should include:

  • Files and line numbers.
  • Concrete impact.
  • Suggested fixes that match the codebase.
  • Missing tests or tests added as reviewable diffs.
  • Areas inspected and any areas that could not be verified.

Development

Keep each skill narrowly scoped and self-contained. Add resources only when they directly help the skill run better. Prefer actionable audit instructions over background explanation.

Before publishing changes, check that every skill has valid frontmatter:

ruby -ryaml -e 'Dir["skills/*/SKILL.md"].each { |p| YAML.safe_load(File.read(p).split(/^---\s*$/, 3)[1]); puts p }'

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors