audit-asc-pr
Installation
SKILL.md
Audit an ASC CLI pull request
Perform an evidence-first review of the entire pull request. Default to fix-forward work unless the user explicitly requests review-only.
Establish the contract
- Read
AGENTS.mdand resolve the repository, PR number, base branch, head branch, and exact head SHA. - Read the PR body, every commit, linked issues, current checks, reviews, and comments.
- Fetch thread-aware review state with GitHub GraphQL. Do not treat a flat comment list as proof that all review threads are resolved.
- State the behavior the PR claims to change and the evidence needed to prove it.
- Confirm whether the user authorized fixes, pushes, approval, or merge. An audit authorizes fix-forward changes in this repository, but approval and merge still require explicit user intent.
Isolate and inspect
- Use a dedicated worktree and local branch for the PR. Preserve the user's main checkout and unrelated worktrees.
- Inspect the full merge-base diff and all PR commits, not only the latest commit.
- Compare the implementation with the linked issue and current product behavior. Check architecture fit, compatibility, error paths, permissions, destructive operations, output contracts, and missing cleanup.
- Verify claims from bots or reviewers against code, schemas, and tests before editing.
- Identify the blast radius: commands, shared helpers, API resources, output formats, auth modes, and release surfaces affected.