Language- and framework-agnostic audit checklists for AI coding agents — security, correctness, and operability. Works with Claude Code, GitHub Copilot, Cursor, Codex CLI, OpenCode, and any agent that can read files.
Every checklist is written as invariants and detection smells, not framework APIs, so the same content audits a Rails app, a Spring service, or an Express API — the agent supplies the framework-specific translation.
/audit
on a 20-line money handler — six bugs a static-analysis scanner can't see, because each takes reasoning about ownership, concurrency, and retries, not pattern-matching. Every one flagged, with severity and a fix.
AGENTS.md
— a one-page digest of all 30 invariants; copy its content into your project'sAGENTS.md
so every agent has it in context..agents/skills/audit/
— the router skill, with all 30 checklists and remediation patterns bundled underreferences/
(four categories: access & data security, input/API, correctness, operability)..agents/skills/audit-*
— thin per-topic wrapper skills so each checklist is individually invocable (/audit-idor
,/audit-injection
,/audit-fix-authz
, …). Everything this package installs starts withaudit
, so it stays grouped among your other skills.
/audit
runs the full audit — it identifies what the code does and applies every matching checklist below. Each topic is also individually invocable (click through to read the checklist itself).
Works with any language or framework.Each checklist names eight common ecosystems in its concept glossary (Rails, Laravel, Django, Spring, Node, Vapor, .NET, Go) — those are recognition shortcuts,nota support list. The invariants and detection smells are framework-free, so the audits apply equally to Phoenix, FastAPI, Ktor, or your in-house stack: the agent supplies the translation.
| Audit | Checks for |
|---|---|
/audit-authorization |
/audit-authn-session
/audit-idor
/audit-data-exposure
/audit-crypto
/audit-output-encoding
/audit-tenant-isolation
/audit-csrf
/audit-mass-assignment
| Audit | Checks for |
|---|---|
/audit-injection |
/audit-config
/audit-secrets
/audit-api-validation
/audit-file-handling
/audit-ssrf
/audit-parser-differentials
| Audit | Checks for |
|---|---|
/audit-atomicity |
/audit-idempotency
/audit-background-work
/audit-state-management
/audit-exception-handling
/audit-discarded-async
/audit-cardinality
| Audit | Checks for |
|---|---|
/audit-nplus1 |
/audit-observability
/audit-migration-safety
/audit-resource-limits
/audit-blocking-io-async
/audit-schema-design
/audit-statelessness
| Skill | Applies |
|---|---|
/audit-fix-authz |
/audit-fix-async
/audit-fix-observability
Copy the .agents
folder into your project — that's the whole install (it's just markdown; nothing executes):
git clone --depth 1 https://github.com/danygiguere/audit-skills /tmp/audit-skills && cp -R /tmp/audit-skills/.agents your-project/
Cursor can also install directly from the repo link, and if you use the
skills CLI:
npx skills add danygiguere/audit-skills --all
.
This repo's AGENTS.md is the one-page digest of all 30 invariants. Copy its content into your project's
AGENTS.md
(append it if
you already have one — never replace yours): merged there, it gives every
agent ambient awareness of the invariants on every prompt; without it, the
skills only activate when triggered. Its routing table points at the
installed skills folder.Claude Code note: Claude Code does not yet read .agents/skills/
(anthropics/claude-code#31005). Bridge it with:
mkdir -p .claude && ln -s ../.agents/skills .claude/skills
echo '@AGENTS.md' > CLAUDE.md # if you don't already have a CLAUDE.md
Instead of copying the skills into every project, you can clone
audit-skills
once and drop your projects inside the projects/
folder —
it is gitignored, so your code never shows up in git status
and a
git pull
(or git checkout vX.Y
) updates the skills without touching anything you put there.
git clone https://github.com/danygiguere/audit-skills
cp -R /path/to/myproject audit-skills/projects/myproject
Then audit from inside this repo:
/audit projects/myproject
To stay current: git pull
— your projects are untouched.
This is useful when you want to audit a repo you don't own or don't want to modify, or when you'd rather maintain one central copy of the skills instead of one per project.
Automatic— ask your agent to "review this endpoint" / "audit this diff"; the skills trigger on their descriptions.** By command**—/audit
for a full audit, or per topic:/audit-idor
,/audit-injection
,/audit-atomicity
, … All of them audit your current diff by default; name a file, folder, or branch to audit something else.By name— "run the idempotency checklist on this webhook handler".** Fixes**— after findings are confirmed:/audit-fix-authz
,/audit-fix-async
,/audit-fix-observability
(see "How fixes work").
Audits and fixes are deliberately separate steps. /audit
and the
audit-*
checklists only find and report — they never change code.
Fixing happens when you ask for it: say "fix those" after a report, or run
an audit-fix-*
command.
Every finding has a fix available; what differs is where it lives:
Most topics — the fix is in the checklist itself. Each checklist's
Example
section shows the vulnerable shape next to the fixed shape. For topics like injection, secrets, output encoding, or N+1 queries, the fix is mechanical and has one right answer (parameterize the query, move the secret to the environment, bulk-load before the loop). When you say "fix it", the agent applies that fixed shape — no extra command needed.
Eight topics — the fix is an architectural choice. Some findings have several valid fixes with real trade-offs (an idempotency bug: dedupe table, idempotency key, UPSERT, or an absolute-state write?). Those topics point to a remediation playbook that walks the agent through choosing:
| Findings from | Playbook | Command |
|---|---|---|
| authorization, IDOR, tenant isolation | remediation/authz-patterns.md |
|
/audit-fix-authz |
||
| atomicity, idempotency, background work, state management | remediation/async-patterns.md |
|
/audit-fix-async |
||
| observability | remediation/observability-patterns.md |
|
/audit-fix-observability |
Either way, the flow is the same: audit → confirmed findings → ask for the fix. Fixes follow the same rules everywhere: the smallest change that restores the invariant, matching the surrounding code style, with a test demonstrating the fix — and never mixed with unrelated refactoring.
The canonical version lives in VERSION. It is stamped into the two artifacts that travel into your project: the
audit
skill (a version:
field in its frontmatter plus a source footer) and the AGENTS.md
digest
(footer). Installed copies therefore always say what version they are and
where they come from — compare your stamp against this repo's VERSION
to
know whether you're outdated. (No need to copy VERSION
into your project — the stamps travel with the artifacts.) Your agent can do it for you: "check whether my audit-skills are up to date" gives it everything it needs.