Security & Compliancelow risk

audit-integrity

Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization guards, self-critique loops, retry protocols, non-negotiable behaviors, self-reflection quality gates (1-10 scoring, ≥8 threshold), and a self-learning system with lesson/memory governance for security analysis agents.

github/awesome-copilot·skills/audit-integrity/SKILL.md
100/ 100品質分

匯入這個 Skill

選擇你的 coding agent,複製專案級或個人級安裝指令。

固定至平台收錄的 commit
匯入目前專案.agents/skills/audit-integrity
npx skills add https://github.com/github/awesome-copilot/tree/0aaced533251f5b86c69dfbc5e55db74c4b4d1af/skills/audit-integrity -a codex -y
匯入個人環境~/.agents/skills/audit-integrity
npx skills add https://github.com/github/awesome-copilot/tree/0aaced533251f5b86c69dfbc5e55db74c4b4d1af/skills/audit-integrity -a codex -g -y
手動放置目錄.agents/skills/audit-integrityOfficial docs ↗
匯入目前專案.claude/skills/audit-integrity
npx skills add https://github.com/github/awesome-copilot/tree/0aaced533251f5b86c69dfbc5e55db74c4b4d1af/skills/audit-integrity -a claude-code -y
匯入個人環境~/.claude/skills/audit-integrity
npx skills add https://github.com/github/awesome-copilot/tree/0aaced533251f5b86c69dfbc5e55db74c4b4d1af/skills/audit-integrity -a claude-code -g -y
手動放置目錄.claude/skills/audit-integrityOfficial docs ↗
匯入目前專案.agents/skills/audit-integrity
npx skills add https://github.com/github/awesome-copilot/tree/0aaced533251f5b86c69dfbc5e55db74c4b4d1af/skills/audit-integrity -a github-copilot -y
匯入個人環境~/.copilot/skills/audit-integrity
npx skills add https://github.com/github/awesome-copilot/tree/0aaced533251f5b86c69dfbc5e55db74c4b4d1af/skills/audit-integrity -a github-copilot -g -y
手動放置目錄.agents/skills/audit-integrityOfficial docs ↗
匯入目前專案.agents/skills/audit-integrity
npx skills add https://github.com/github/awesome-copilot/tree/0aaced533251f5b86c69dfbc5e55db74c4b4d1af/skills/audit-integrity -a cursor -y
匯入個人環境~/.cursor/skills/audit-integrity
npx skills add https://github.com/github/awesome-copilot/tree/0aaced533251f5b86c69dfbc5e55db74c4b4d1af/skills/audit-integrity -a cursor -g -y
手動放置目錄.agents/skills/audit-integrityOfficial docs ↗
匯入目前專案.agents/skills/audit-integrity
npx skills add https://github.com/github/awesome-copilot/tree/0aaced533251f5b86c69dfbc5e55db74c4b4d1af/skills/audit-integrity -a gemini-cli -y
匯入個人環境~/.gemini/skills/audit-integrity
npx skills add https://github.com/github/awesome-copilot/tree/0aaced533251f5b86c69dfbc5e55db74c4b4d1af/skills/audit-integrity -a gemini-cli -g -y
Native Gemini CLIgemini skills install https://github.com/github/awesome-copilot.git --scope workspace --path skills/audit-integrity
手動放置目錄.agents/skills/audit-integrityOfficial docs ↗
⚠ 安裝指令使用開源 skills CLI。執行前請檢查來源、腳本與權限。
# Audit Integrity Skill

Enforces output quality, intellectual honesty, and continuous improvement across all AppSec agents.

## When to Use

- Every security analysis, code review, threat model, or quality scan agent run
- Applied automatically as a post-analysis quality gate
- Applicable to any agent performing SAST, SCA, threat modeling, or code quality analysis

## Components

This skill provides 7 reusable capabilities. Agents apply all 7 unless their scope excludes a specific component.

| Component | Reference File | Purpose |
|-----------|---------------|---------|
| Clarification Protocol | [clarification-protocol.md](references/clarification-protocol.md) | Ask ≤2 targeted questions before analysis when scope is ambiguous |
| Anti-Rationalization Guard | [anti-rationalization-guard.md](references/anti-rationalization-guard.md) | Table of prohibited rationalizations with mandatory responses |
| Self-Critique Loop | [self-critique-loop.md](references/self-critique-loop.md) | Mandatory second-pass review after initial analysis |
| Retry Protocol | [retry-protocol.md](references/retry-protocol.md) | Tool failure handling — retry once, then document |
| Non-Negotiable Behaviors | [non-negotiable-behaviors.md](references/non-negotiable-behaviors.md) | Hard rules: never fabricate, always cite evidence, report gaps |
| Self-Reflection Quality Gate | [self-reflection-quality-gate.md](references/self-reflection-quality-gate.md) | 1–10 scoring rubric with ≥8 threshold per category |
| Self-Learning System | [self-learning-system.md](references/self-learning-system.md) | Lesson/Memory templates and governance rules |

## Execution Flow

1. **Before analysis**: Apply Clarification Protocol if scope is ambiguous
2. **During analysis**: Apply Anti-Rationalization Guard at every decision point
3. **After initial pass**: Execute Self-Critique Loop (mandatory second pass)
4. **On tool failure**: Apply Retry Protocol
5. **Before delivery**: Run Self-Reflection Quality Gate (all categories must score ≥8)
6. **After delivery**: Create Lessons/Memories for novel findings, false positives, or methodology gaps (see Self-Learning System)

## Agent-Specific Adaptation

Each agent customizes the **Self-Critique Loop** checklist and **Self-Reflection Quality Gate** categories to match its domain. The reference files provide the base templates; agents extend them with domain-specific items.

### Example extensions per agent type
- **SAST/SCA agents**: Add taint trace completeness and manifest coverage checks
- **SonarQube-style agents**: Add rating sanity check (A–E consistency with findings)
- **Threat modeling agents**: Add STRIDE category completeness per trust boundary
- **Code review agents**: Add trust boundary audit with data flow tracing