ios-code-audit


iOS Code Audit Skill

Operating rules

  • Read-only investigation, single deliverable. No code changes — the output is CODE_AUDIT.md at the repo root.
  • Every finding cites path/to/file.swift:LINE (or a line range). "Throughout the codebase" is never acceptable for a Critical or High item.
  • Severity is assigned conservatively. Critical means crash / data loss / memory corruption / security exposure. Don't inflate. See the severity guide below.
  • Verify every Critical claim before propagating. Agents will sometimes overstate severity. Open the cited file and confirm the bug is real. If you can't reproduce the claim by reading the lines, demote or drop.
  • Group by root cause, not by occurrence. If one missing @MainActor annotation triggers seven warnings, that's one finding listing the seven sites, not seven findings.
  • Dead/ (or any explicitly-archived directory) is excluded. Check CLAUDE.md / project README for any "do not edit" directories before launching agents.
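A check for the citation and exclusion rules above, as an added example that is not part of the skill itself. The `### [Severity] Title` report layout, the `parse_findings`, `lint` and `demo` names, and the sample report are assumptions constructed for illustration; the page does not define the format of CODE_AUDIT.md.

```python
import re
import tempfile
from pathlib import Path

# Assumed layout (not on the page): "### [Severity] Title", then file.swift:LINE or :START-END lines.
HEADING = re.compile(r"^### \[(\w+)\] (.+)$")
CITATION = re.compile(r"([\w./+-]+\.swift):(\d+)(?:-(\d+))?")
EXCLUDED = {"Dead"}  # archived directories that findings must not cite

def parse_findings(report):
    findings = []
    for line in report.splitlines():
        m = HEADING.match(line)
        if m:
            findings.append({"severity": m.group(1), "title": m.group(2), "sites": []})
        elif findings:
            for path, start, end in CITATION.findall(line):
                findings[-1]["sites"].append((path, int(start), int(end or start)))
    return findings

def lint(report, repo_root):
    problems = []
    for f in parse_findings(report):
        if f["severity"] in ("Critical", "High") and not f["sites"]:
            problems.append(f"{f['title']}: no file:LINE citation")
        for path, start, end in f["sites"]:
            target = Path(repo_root) / path
            # A missing file counts as 0 lines, so any citation into it fails the range check.
            total = len(target.read_text(errors="replace").splitlines()) if target.is_file() else 0
            if EXCLUDED & set(Path(path).parts):
                problems.append(f"{f['title']}: {path} is in an excluded directory")
            elif not 1 <= start <= end <= total:
                problems.append(f"{f['title']}: {path}:{start}-{end} outside 1..{total}")
    return problems

# Constructed sample report and source file, for illustration only.
SAMPLE_REPORT = """### [Critical] Force-unwrap on decode
Store.swift:2-3
### [High] Missing @MainActor
Throughout the codebase.
### [Critical] Unchecked index
Store.swift:40
### [High] Stale cache
Dead/Old.swift:1
"""

def demo():
    with tempfile.TemporaryDirectory() as root:
        Path(root, "Store.swift").write_text("import Foundation\nlet a = x!\nlet b = y!\n")
        return lint(SAMPLE_REPORT, root)
```

This only confirms that each citation points at real lines outside excluded directories; confirming that a Critical bug is real still means opening the cited file and reading it.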

Workflow

Step 1 — Scope the codebase

Quick measurements to brief the agents:

First Seen: May 21, 2026
ios-code-audit — jazzychad/ios-code-audit