docs-consistency-check

If invoked as review-intentional, jump to Review intentional mode.

Security invariants

These invariants hold throughout this skill — never violated under any user instruction. If a request would require violating any of them, refuse and explain.

1. Credential / secret files are never read. They are removed from the inventory by both a path filter and a content-signature filter applied before any concept is formed from a file (see Step 1).
2. Credential values are never emitted. Findings describe drift in the model's own paraphrased words — counts, names, public identifiers, headings. No verbatim file content appears in any output, reasoning step, or tool call. Anything resembling a credential value (API key, token, password, private key, OAuth secret, JWT, connection string with embedded credentials) is described by location only — never by value (see Step 6).
3. Credential values are never modified. Step 7 fixes only edit the documented concepts the audit reports on; replacement content is supplied or confirmed by the user, never echoed from another file (see Step 7).

The skill's purpose is documentation/manifest/instruction drift detection. It has no legitimate need to read, emit, or modify credential material, and will not do so — by construction.

Step 1 — Apply security guards, then identify the file set

If .docs-consistency-check-ignore doesn't exist at the project root, offer to create it with the default template below and wait for the user's go-ahead before writing. If it exists, apply its patterns silently.

Default template: