Skills

avoiding-false-positives

Installation
SKILL.md

Validating Findings

Rejection Criteria

A finding is a false positive — drop it — if ANY of the following are true:

  • Pre-existing — code existed before this PR and was not modified by this change
  • Not actually buggy — appears wrong but is correct (e.g., variable IS defined, logic DOES produce correct results)
  • Pedantic nitpick — a senior engineer would not flag this in a real review
  • Linter-catchable — a linter or type checker will catch this; do not duplicate their work
  • Generic concern — "lacks test coverage", "general security issue" without a specific, traceable problem
  • Explicitly silenced — lint ignore comments, pragma suppressions, or documented exceptions
  • Handled elsewhere — error boundaries, middleware, validators, or framework guarantees make the issue moot

Verification Checks

For each finding that passes rejection criteria, verify ALL three:

Installs
68
Repository
bitwarden/ai-plugins
GitHub Stars
119
First Seen
Feb 13, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
avoiding-false-positives — bitwarden/ai-plugins