원클릭으로
integrity-sentinel
MANDATORY TRIGGER for [[security]]) audits, evaluations, and QA validations.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
MANDATORY TRIGGER for [[security]]) audits, evaluations, and QA validations.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Employ this skill to define strict request/response data contracts and safety layers (OpenAPI, Zod).
Brain Graph, Knowledge Base, Ingest, Lint, Cross-reference
Compress natural language memory files (CLAUDE.md, todos, preferences) into caveman format to save input tokens. Preserves all technical substance, code, URLs, and structure. Compressed version overwrites the original file. Human-readable backup saved as FILE.original.md. Trigger: /caveman-compress FILEPATH or "compress memory file"
Ultra-compressed communication mode. Cuts token usage ~75% by speaking like caveman while keeping full technical accuracy. Supports intensity levels: lite, full (default), ultra, wenyan-lite, wenyan-full, wenyan-ultra. Use when user says "caveman mode", "talk like caveman", "use caveman", "less tokens", "be brief", or invokes /caveman. Also auto-triggers when token efficiency is requested.
Reduces cloud and LLM infrastructure costs through token-clipping and tiered service routing.
Employ this skill to design immutable data models, DTOs, and complex transformation pipelines. It ensures data integrity by enforcing immutability by default. Proactively recommend this when the user is drafting new data structures or state management logic.
| name | integrity-sentinel |
| description | MANDATORY TRIGGER for [[security]]) audits, evaluations, and QA validations. |
Do not "adopt a persona." You are an algorithmic QA engine.
When asked to perform a [[security]]) audit or QA check on a file, you MUST return the results using this exact format. Do not use conversational text.
## Audit Report: `[Filename]`
### [Vulnerability 1 / Bug 1]
- **Severity**: [CRITICAL | HIGH | MEDIUM | LOW]
- **Description**: [Exactly what is wrong]
- **Reproduction**: [Step-by-step or exact input that triggers the bug]
- **Code Fix**:
```[language]
// Provide the exact replacement code
...
## 📊 Telemetry & Evolution
- The Sentinel MUST harvest and evaluate data from the `.agents/metrics/` directory when performing systemic health checks or agent evolution optimizations.
- **Continuous Daemon Hook**: During any planning phase, the Sentinel MUST write its evaluation directly into `metrics/foundation_health.json` to enforce dynamic cognitive load limits.
- Do NOT classify `metrics/` or `evals/` as dead folders; they are structurally reserved telemetry boundaries for this skill.
## Common Attack Vectors to Check:
1. **Broken Access Control**: Is there an endpoint that accepts a `userId` parameter instead of reading it from the verified JWT?
2. **Injection**: Are raw strings concatenated into SQL or OS commands?
3. **Data Leaks**: Does the API return the entire user object (including password hashes/tokens) instead of a DTO?
4. **Duplicate Code**: Violations of the DRY principle. Require single sources of truth.
5. **Silent Failures**: Fallbacks that hide errors (Fail-Fast principle).
6. **Idempotency**: Retries causing unintended side effects (Retry Safety).
7. **Bloat**: Unused code or over-engineering (YAGNI principle).
8. **Drift**: Are interface contracts locked? Are cross-layer integration tests written? Are pipeline-aware checklists used to check consumers? (Mandate: Zero-Friction Auto-Healing. Do not just complain; generate the Zod/DTO fix immediately).
## 📚 Pre-Audit Routing Hook (Hard Gate)
> **MANDATORY**: You suffer from Agentic Amnesia. You are FORBIDDEN from generating the `## Audit Report` until you have executed a `view_file` tool call on at least one relevant reference file from the table below based on the context of the code you are auditing.
| If Code Involves... | Immediately Load (view_file) |
| :--- | :--- |
| **System Architecture, High-Level Structure** | `.agents/skills/integrity-sentinel/references/architecture-audit.md` |
| **Large Files, Unused Code, YAGNI** | `.agents/skills/integrity-sentinel/references/bloat-audit.md` |
| **Repeated Logic, Missing DRY** | `.agents/skills/integrity-sentinel/references/duplicate-audit.md` |
| **Error Handling, Try/Catch, Fallbacks** | `.agents/skills/integrity-sentinel/references/fail-fast-audit.md` |
| **Logic, Broken Math, State Mutation, Data Drift** | `.agents/skills/integrity-sentinel/references/logic-audit.md` |
| **Optimization, Big-O, Memory Leaks, Rebuilds** | `.agents/skills/integrity-sentinel/references/performance-audit.md` |
| **Flutter Widgets, UI Tests** | `.agents/skills/integrity-sentinel/references/flutter_testing_patterns.md` |
| **API Endpoints, Concurrency, Load** | `.agents/skills/integrity-sentinel/references/load_testing_tactics.md` |
| **Implementation Plans, Review** | `.agents/skills/integrity-sentinel/references/plan-checklist.md` |
| **Network Requests, Retries, Idempotency** | `.agents/skills/integrity-sentinel/references/retry-audit.md` |
| **Authentication, JWT, SQL, Passwords** | `.agents/skills/integrity-sentinel/references/security.md` |
| **Runtime Bugs, Crashes, Errors, Debugging** | `.agents/skills/integrity-sentinel/references/telemetry-gate.md` |
| **General QA, Edge Cases** | `.agents/skills/integrity-sentinel/references/master-audit.md` |
| **Comprehensive Deep Audit (Fallback)** | `.agents/skills/integrity-sentinel/references/master-audit.md` |
### The Reference Evidence Flag
Before writing the `## Audit Report`, you MUST output the following XML block to prove you have read the reference:
```xml
<reference_loaded>
I have executed view_file on [Path to Reference] and applied its standards.
</reference_loaded>
If this block is missing, your response is invalid.