一键导入
audit
Full-project code audit workflow: audit then fix
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Full-project code audit workflow: audit then fix
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Interview the user relentlessly about a plan or design. Use when the user wants to stress-test a plan before building, or uses any 'grill' trigger phrases.
Surface deepening opportunities in a codebase — shallow modules, seam leaks, missing locality — and grill through whichever one you pick. Architecture-pattern aware (monolith / distributed / serverless).
Reconcile and validate all documents in the project's docs/ directory
Systematic root cause analysis. No fixes without investigation
Principal Engineer persona. Production-first technical judgment
Standalone QA investigation and fix workflow
| name | audit |
| description | Full-project code audit workflow: audit then fix |
/audit [scope] [guidance] - Full-project code audit workflow (audit first, then fix)
Broad repository audit for overall code health. Not change-scoped.
scope (optional): module/path to narrow audit. Defaults to full project sweep.guidance (optional): free-form sentence to steer audit focus (e.g. focus areas, priorities, known concerns). Passed to all reviewers.CRITICAL - must fix now | MEDIUM - should fix soon | LOW - suggestion (max 5)
All audit and fix work must be delegated to sub-agents via the Task tool to conserve the main context window. Never read full source files, run analysis, apply fixes, or stream raw findings in the main conversation. The main context only receives: consolidated reports, user prompts, and fix approvals.
Invocation of /audit is treated as explicit approval for read-only git commands in the current repo (git status/diff/log). Do not run git write/destructive operations without separate user confirmation.
Scope (MANDATORY):
.git/, node_modules/, dist/, build/, .next/, .cache/, coverage artifacts, lockfile vendor caches.APPROVED with Actions: none (nothing to audit).Guidance (OPTIONAL):
Context (MANDATORY):
README, docs/architecture.md, docs/requirements.md when present.git status/diff/log) for recent risk areas (context only, not scope selection).Pass 1 - Audit (MANDATORY):
Audit Report (MANDATORY):
APPROVED and stop.Proceed to fix now? (recommended: yes) [Y/n].Pass 2 - Fix (MANDATORY when approved):
Re-audit (MANDATORY):
CHANGES_NEEDED with concrete missing context/actions.Output (MANDATORY, lightweight):
# Audit: {scope}
Scope: source={full_project|explicit}; files_scanned={count}; exclusions={list}
Reviewers: {list}
## Findings
### CRITICAL
- {issue} file:line
Evidence: {exact code/pattern}
Impact: {concrete consequence}
### MEDIUM
- {issue} file:line
Evidence: {exact code/pattern}
Impact: {concrete consequence}
### LOW (max 5)
- {issue} file:line
Evidence: {exact code/pattern}
## Verdict: APPROVED | CHANGES_NEEDED
## Actions: {prioritized list}