production-placeholder-audit

Find implementation artifacts that make production behavior less real than it looks: mocks, stubs, fake paths, test-only modules, inert adapters, placeholder branches, dummy credentials, and comments that imply future behavior while current code silently succeeds.

Critical Constraints

• Evidence first. Every finding needs a concrete file:line, quoted or summarized signal, and a reason it is reachable or relevant. Do not report vibes.
• Production reachability matters. Test fixtures under test-only paths are not findings unless they are imported by production code, packaged in a runtime artifact, selected by config, or exposed through a public path.
• Do not count harmless TODOs alone. A placeholder is actionable only when behavior is missing, fake, misleading, externally visible, or able to mask failure.
• Separate suspicious from confirmed. Keep weak signals in a "needs follow-up" section instead of presenting them as defects.
• Stay read-only by default. This skill audits and reports; it does not rewrite code or delete test helpers.

Workflow / Methodology

Phase 1: Map the production surface

Identify where production code enters and what gets packaged: