Repo Bug Audit

IRON LAW: Do not submit a Bug unless code evidence, trigger path, realistic failure mode, and impact are all explicit.

Purpose

Find evidence-backed Bugs and architecture risk signals across one or more repositories, then package the results so developers can review, reproduce, triage, and fix them.

This skill is review-first. Do not patch code unless the user explicitly asks for fixes after the analysis.

Operating Rules

• Treat findings as static-analysis results until runtime validation proves otherwise.
• Prefer fewer real Bugs over hundreds of weak claims; keep weak leads in work/candidates/, not submitted findings.
• Prioritize infra-stability risks: data integrity, recovery, availability, resource leakage, storage/network performance, control-plane safety, security boundaries, and cross-system consistency.
• Use Deep Discussion Mode when the user explicitly asks for $brainstorming, when scope/output/risk definitions are still unstable, or when evolving this skill itself.
• Skip Deep Discussion Mode when the user asks for full automatic execution; apply the default workflow and keep progress moving.
• Treat related skills as optional accelerators, not hard dependencies; encourage installation only when they materially improve the current task.
• If a recommended skill is missing, continue by default. Ask before installing anything, and never interrupt explicitly automatic analysis runs for installation.