# Audit checklists for AI coding agents – 30 invariants, any language

> Source: <https://github.com/danygiguere/audit-skills>
> Published: 2026-06-14 19:02:17+00:00

Language- and framework-agnostic audit checklists for AI coding agents — security, correctness, and operability. Works with Claude Code, GitHub Copilot, Cursor, Codex CLI, OpenCode, and any agent that can read files.

Every checklist is written as **invariants and detection smells**, not
framework APIs, so the same content audits a Rails app, a Spring service,
or an Express API — the agent supplies the framework-specific translation.

`/audit` on a 20-line money handler — six bugs a static-analysis scanner can't see, because each takes reasoning about ownership, concurrency, and retries, not pattern-matching. Every one flagged, with severity and a fix.

- `AGENTS.md` — a one-page digest of all 30 invariants; copy its content into your project's `AGENTS.md` so every agent has it in context.
- `.agents/skills/audit/` — the router skill, with all 30 checklists and remediation patterns bundled under `references/` (four categories: access & data security, input/API, correctness, operability).
- `.agents/skills/audit-*` — thin per-topic wrapper skills so each checklist is individually invocable (`/audit-idor`, `/audit-injection`, `/audit-fix-authz`, …). Everything this package installs starts with `audit`, so it stays grouped among your other skills.

`/audit` runs the full audit — it identifies what the code does and applies every matching checklist below. Each topic is also individually invocable (click through to read the checklist itself).

Works with any language or framework. Each checklist names eight common ecosystems in its concept glossary (Rails, Laravel, Django, Spring, Node, Vapor, .NET, Go) — those are recognition shortcuts, not a support list. The invariants and detection smells are framework-free, so the audits apply equally to Phoenix, FastAPI, Ktor, or your in-house stack: the agent supplies the translation.

| Audit | Checks for |
|---|---|
| `/audit-authorization` | |
| `/audit-authn-session` | |
| `/audit-idor` | |
| `/audit-data-exposure` | |
| `/audit-crypto` | |
| `/audit-output-encoding` | |
| `/audit-tenant-isolation` | |
| `/audit-csrf` | |
| `/audit-mass-assignment` | |

| Audit | Checks for |
|---|---|
| `/audit-injection` | |
| `/audit-config` | |
| `/audit-secrets` | |
| `/audit-api-validation` | |
| `/audit-file-handling` | |
| `/audit-ssrf` | |
| `/audit-parser-differentials` | |

| Audit | Checks for |
|---|---|
| `/audit-atomicity` | |
| `/audit-idempotency` | |
| `/audit-background-work` | |
| `/audit-state-management` | |
| `/audit-exception-handling` | |
| `/audit-discarded-async` | |
| `/audit-cardinality` | |

| Audit | Checks for |
|---|---|
| `/audit-nplus1` | |
| `/audit-observability` | |
| `/audit-migration-safety` | |
| `/audit-resource-limits` | |
| `/audit-blocking-io-async` | |
| `/audit-schema-design` | |
| `/audit-statelessness` | |

| Skill | Applies |
|---|---|
| `/audit-fix-authz` | |
| `/audit-fix-async` | |
| `/audit-fix-observability` | |

Copy the `.agents` folder into your project — that's the whole install (it's just markdown; nothing executes):

```
git clone --depth 1 https://github.com/danygiguere/audit-skills /tmp/audit-skills && cp -R /tmp/audit-skills/.agents your-project/
```

**Cursor** can also install directly from the repo link, and if you use the [skills CLI](https://github.com/vercel-labs/skills): `npx skills add danygiguere/audit-skills --all`.

This repo's [AGENTS.md](/danygiguere/audit-skills/blob/main/AGENTS.md) is the one-page digest of all 30 invariants. Copy its content into your project's `AGENTS.md` (append it if you already have one — never replace yours): merged there, it gives every agent ambient awareness of the invariants on every prompt; without it, the skills only activate when triggered. Its routing table points at the installed skills folder.

**Claude Code note:** Claude Code does not yet read `.agents/skills/` ([anthropics/claude-code#31005](https://github.com/anthropics/claude-code/issues/31005)). Bridge it with:

```
mkdir -p .claude && ln -s ../.agents/skills .claude/skills
echo '@AGENTS.md' > CLAUDE.md          # if you don't already have a CLAUDE.md
```

Instead of copying the skills into every project, you can clone `audit-skills` once and drop your projects inside the `projects/` folder — it is gitignored, so your code never shows up in `git status` and a `git pull` (or `git checkout vX.Y`) updates the skills without touching anything you put there.

```
git clone https://github.com/danygiguere/audit-skills
# drop any project you want to audit inside projects/
cp -R /path/to/myproject audit-skills/projects/myproject
```

Then audit from inside this repo:

```
/audit projects/myproject
```

To stay current: `git pull` — your projects are untouched.

This is useful when you want to audit a repo you don't own or don't want to modify, or when you'd rather maintain one central copy of the skills instead of one per project.

- **Automatic** — ask your agent to "review this endpoint" / "audit this diff"; the skills trigger on their descriptions.
- **By command** — `/audit` for a full audit, or per topic: `/audit-idor`, `/audit-injection`, `/audit-atomicity`, … All of them audit your current diff by default; name a file, folder, or branch to audit something else.
- **By name** — "run the idempotency checklist on this webhook handler".
- **Fixes** — after findings are confirmed: `/audit-fix-authz`, `/audit-fix-async`, `/audit-fix-observability` (see "How fixes work").

Audits and fixes are deliberately separate steps. `/audit` and the `audit-*` checklists only **find and report** — they never change code. Fixing happens when you ask for it: say "fix those" after a report, or run an `audit-fix-*` command.

Every finding has a fix available; what differs is where it lives:

**Most topics — the fix is in the checklist itself.** Each checklist's `Example` section shows the vulnerable shape next to the fixed shape. For topics like injection, secrets, output encoding, or N+1 queries, the fix is mechanical and has one right answer (parameterize the query, move the secret to the environment, bulk-load before the loop). When you say "fix it", the agent applies that fixed shape — no extra command needed.
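Two of the mechanical fixes named above (parameterize the query; bulk-load before the loop), each shown as the vulnerable shape beside the fixed shape. This is an added example written in Python against the standard library's `sqlite3`; it is not code from the audit-skills checklists. The tables, the rows, and the `CountingConnection` query counter used to make the N+1 visible are constructed here for the demonstration.

```python
"""Added example (not from the audit-skills repo): vulnerable shape beside
fixed shape for two 'mechanical' findings, injection and N+1 queries.
Everything below (schema, rows, counter) is constructed for the demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, is_admin INTEGER);
        INSERT INTO users VALUES (1, 'alice@example.test', 1), (2, 'bob@example.test', 0);
        CREATE TABLE posts (id INTEGER PRIMARY KEY, user_id INTEGER, title TEXT);
        INSERT INTO posts VALUES (10, 1, 'hello'), (11, 1, 'again'), (12, 2, 'hi');
        """
    )
    return conn


# --- Injection: string-built query vs parameterized query -------------------

def find_user_vulnerable(conn, email: str) -> list:
    """Vulnerable shape: the caller's string becomes part of the SQL text,
    so a quote in the input changes the query's meaning."""
    return conn.execute(f"SELECT id FROM users WHERE email = '{email}'").fetchall()


def find_user_fixed(conn, email: str) -> list:
    """Fixed shape: the driver binds the value; it is data, never SQL."""
    return conn.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchall()


# --- N+1: one query per parent vs one bulk query -----------------------------

class CountingConnection:
    """Wraps a connection and counts execute() calls: a cheap N+1 detector
    you can drop into a test to assert on query counts."""

    def __init__(self, conn):
        self.conn = conn
        self.queries = 0

    def execute(self, sql, params=()):
        self.queries += 1
        return self.conn.execute(sql, params)


def posts_per_user_nplus1(conn) -> dict:
    """N+1 shape: one query for the parents, then one more per parent."""
    result = {}
    for (uid,) in conn.execute("SELECT id FROM users").fetchall():
        rows = conn.execute("SELECT title FROM posts WHERE user_id = ?", (uid,)).fetchall()
        result[uid] = [title for (title,) in rows]
    return result


def posts_per_user_bulk(conn) -> dict:
    """Fixed shape: load the parents, then all children in ONE query, and
    group in memory. Only '?' placeholders are spliced into the SQL text;
    the ids themselves are still bound as parameters."""
    ids = [uid for (uid,) in conn.execute("SELECT id FROM users").fetchall()]
    result = {uid: [] for uid in ids}
    placeholders = ",".join("?" * len(ids))
    rows = conn.execute(
        f"SELECT user_id, title FROM posts WHERE user_id IN ({placeholders})", ids
    ).fetchall()
    for uid, title in rows:
        result[uid].append(title)
    return result


if __name__ == "__main__":
    db = make_db()
    print("fixed lookup:", find_user_fixed(db, "bob@example.test"))
    counted = CountingConnection(make_db())
    print(posts_per_user_nplus1(counted), "queries:", counted.queries)
    counted = CountingConnection(make_db())
    print(posts_per_user_bulk(counted), "queries:", counted.queries)
```

The query counter is the detection side of the N+1 checklist: wrap the connection in a test, run the handler once over a fixture with N parents, and assert the count does not grow with N. The injection pair is the detection smell in its simplest form: any SQL text assembled with the caller's input is the finding, regardless of framework.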

**Eight topics — the fix is an architectural choice.** Some findings have
several valid fixes with real trade-offs (an idempotency bug: dedupe table,
idempotency key, UPSERT, or an absolute-state write?). Those topics point to
a remediation playbook that walks the agent through choosing:

| Findings from | Playbook | Command |
|---|---|---|
| authorization, IDOR, tenant isolation | `remediation/authz-patterns.md` | `/audit-fix-authz` |
| atomicity, idempotency, background work, state management | `remediation/async-patterns.md` | `/audit-fix-async` |
| observability | `remediation/observability-patterns.md` | `/audit-fix-observability` |

Either way, the flow is the same: **audit → confirmed findings → ask for the
fix.** Fixes follow the same rules everywhere: the smallest change that
restores the invariant, matching the surrounding code style, with a test
demonstrating the fix — and never mixed with unrelated refactoring.
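The idempotency finding used above as the illustration of an architectural choice, carried through in code: a webhook handler that applies a relative change, beside two of the remediations the text names (an idempotency key and an absolute-state write), with an at-least-once sender redelivering the same event. This is an added example in Python, not content from the audit-skills playbooks; the `Event` payload, the in-memory `Ledger`, and the event ids are constructed for the demonstration.

```python
"""Added example (not from the audit-skills repo): a non-idempotent handler
beside two of the remediation choices the text names. Payloads and the
in-memory store are constructed for the demo."""
from dataclasses import dataclass, field


@dataclass
class Event:
    event_id: str        # unique per event; a redelivery repeats it verbatim
    account: str
    delta: int           # relative change the sender asks for ("add 50")
    balance_after: int   # absolute state as the sender saw it after the change


@dataclass
class Ledger:
    balances: dict = field(default_factory=dict)
    seen: set = field(default_factory=set)  # processed event ids (dedupe-table stand-in)


def handle_relative(ledger: Ledger, ev: Event) -> int:
    """Finding: a relative write with no dedupe. A retried delivery applies
    the delta a second time."""
    ledger.balances[ev.account] = ledger.balances.get(ev.account, 0) + ev.delta
    return ledger.balances[ev.account]


def handle_with_key(ledger: Ledger, ev: Event) -> int:
    """Remediation 1, idempotency key: remember each event id and skip a repeat.
    In a real store the `seen` insert and the balance write must commit in the
    same transaction, otherwise a crash between them reopens the bug."""
    if ev.event_id in ledger.seen:
        return ledger.balances.get(ev.account, 0)
    ledger.balances[ev.account] = ledger.balances.get(ev.account, 0) + ev.delta
    ledger.seen.add(ev.event_id)
    return ledger.balances[ev.account]


def handle_absolute(ledger: Ledger, ev: Event) -> int:
    """Remediation 2, absolute-state write: store the sender's balance_after.
    Applying it twice yields the same state, with no dedupe storage at all."""
    ledger.balances[ev.account] = ev.balance_after
    return ledger.balances[ev.account]


def deliver_twice(handler) -> int:
    """Simulate an at-least-once sender redelivering one event after a timeout."""
    ledger = Ledger()
    ev = Event("evt_001", "acct_1", delta=50, balance_after=50)
    handler(ledger, ev)
    return handler(ledger, ev)  # identical payload, second delivery


def redeliver_after_newer(handler) -> int:
    """The trade-off: an older event is redelivered after a newer one landed."""
    ledger = Ledger()
    ev1 = Event("evt_001", "acct_1", delta=50, balance_after=50)
    ev2 = Event("evt_002", "acct_1", delta=30, balance_after=80)
    handler(ledger, ev1)
    handler(ledger, ev2)
    return handler(ledger, ev1)  # stale redelivery


if __name__ == "__main__":
    for h in (handle_relative, handle_with_key, handle_absolute):
        print(h.__name__, deliver_twice(h), redeliver_after_newer(h))
```

`deliver_twice` is the finding itself (the relative handler ends at 100 instead of 50); `redeliver_after_newer` is why the choice is architectural rather than mechanical: the idempotency key keeps the correct 80 but needs durable dedupe storage, while the absolute-state write needs no storage but lets a stale redelivery overwrite the newer balance with 50. Which one is right depends on the ordering guarantees the sender gives you, which is exactly what the playbook walks the agent through.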

The canonical version lives in [VERSION](/danygiguere/audit-skills/blob/main/VERSION). It is stamped into the two artifacts that travel into your project: the `audit` skill (a `version:` field in its frontmatter plus a source footer) and the `AGENTS.md` digest (footer). Installed copies therefore always say what version they are and where they come from — compare your stamp against this repo's `VERSION` to know whether you're outdated. (No need to copy `VERSION` into your project — the stamps travel with the artifacts.) Your agent can do it for you: "check whether my audit-skills are up to date" gives it everything it needs.
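The comparison described above, done without an agent: read the `version:` stamp from the installed router skill's frontmatter and classify it against the upstream `VERSION` value. This is an added example in Python, not a script shipped by audit-skills. Two things it assumes that the page does not state: that the router skill's frontmatter is in `.agents/skills/audit/SKILL.md` (the path is a parameter, so change it if your copy differs), and that `VERSION` holds a bare dotted version string.

```python
"""Added example, not part of the audit-skills repository: compare an installed
copy's version stamp with the upstream VERSION file.
ASSUMED (not stated on the page): the router skill's frontmatter is in
.agents/skills/audit/SKILL.md, and VERSION holds a bare string such as 1.4.0."""
import re
from pathlib import Path
from typing import Optional, Tuple

# A YAML frontmatter block: the file starts with '---', ends at the next '---' line.
FRONTMATTER = re.compile(r"^---[ \t]*\n(.*?)\n---[ \t]*(?:\n|$)", re.S)


def stamped_version(skill_text: str) -> Optional[str]:
    """Return the `version:` value from the frontmatter, or None if unstamped."""
    m = FRONTMATTER.match(skill_text)
    if not m:
        return None
    for line in m.group(1).splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "version":
            return value.strip().strip("\"'")
    return None


def parse_version(s: str) -> Tuple[int, ...]:
    """'v1.2.0' -> (1, 2, 0). Raises ValueError on anything but dotted integers."""
    return tuple(int(part) for part in s.strip().lstrip("v").split("."))


def version_status(installed: str, upstream: str) -> str:
    """'current', 'outdated' (installed < upstream) or 'ahead' (installed > upstream).
    Missing components count as 0, so 1.4 equals 1.4.0."""
    a, b = parse_version(installed), parse_version(upstream)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    if a == b:
        return "current"
    return "outdated" if a < b else "ahead"


def check_project(project_dir: Path, upstream_version: str,
                  skill_file: str = ".agents/skills/audit/SKILL.md") -> str:
    """Classify the stamp in an installed copy; 'unstamped' means no `version:`
    field was found in the frontmatter. The default skill_file is an assumption."""
    stamp = stamped_version((project_dir / skill_file).read_text(encoding="utf-8"))
    if stamp is None:
        return "unstamped"
    return version_status(stamp, upstream_version)


if __name__ == "__main__":
    import sys
    # usage: python check_version.py /path/to/project "$(cat /path/to/audit-skills/VERSION)"
    print(check_project(Path(sys.argv[1]), sys.argv[2]))
```

Feed it the upstream value from a fresh clone's `VERSION` file; an `outdated` result means re-copying `.agents` (or `git pull` in the central-clone layout) and re-merging the `AGENTS.md` digest.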
