codebase-risk-audit
Codebase Risk Audit
Use this skill to produce a focused risk audit of a repository. The audit looks for problems that could make the system hard to change, hard to operate, hard to test, unsafe around sensitive surfaces, or brittle under realistic failure.
The output is a decision aid, not a general critique. Findings must be tied to specific repository evidence and ranked by the risk they create.
Inputs
Collect only the context needed for the target repository and scope:
- User goal, explicit exclusions, and any risk areas they care about most.
- Repository structure, language toolchain, dependency manifests, and entry points.
- Existing tests, CI workflows, deployment scripts, runtime configuration, and operational documentation.
- Recent local diffs when the audit is about unmerged work.