audit
Installation
SKILL.md
Overview
Run a structured, evidence-based audit of a codebase. Two phases always run in order: first detect context, then apply the requested domains.
Usage: /audit [domain?]
- No domain → run all domains (default)
- Available domains:
security|contracts|patterns|observability|ops|all
Safety
Do not run destructive operations (DB resets, production deploys, mass deletes, git push --force, etc.) unless the user explicitly asks in the same session. Use read-only inspection: read files, Glob, Grep, and read-only git commands (git log -1, git grep) — no history rewrites.
Phase 1 — Context Detection
Always runs first. Read the project to understand what you're working with. Identify and state explicitly: