一键导入
audit-skills
SKILL.md audit methodology preloaded by the skill-auditor agent. The main conversation reaches this audit only through that agent.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
SKILL.md audit methodology preloaded by the skill-auditor agent. The main conversation reaches this audit only through that agent.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
ALWAYS invoke this skill when diagnosing the health of a spec-tree or spx environment, when checking whether the SessionStart hook fired for the current session, or when troubleshooting a missing session identity, worktree claim, or unreachable spx CLI. NEVER guess why session state is missing without running these checks first.
ALWAYS invoke this skill when diagnosing the health of a spec-tree or spx environment, when checking whether the SessionStart hook fired for the current session, or when troubleshooting a missing session identity, worktree claim, or unreachable spx CLI. NEVER guess why session state is missing without running these checks first.
ALWAYS invoke this skill when diagnosing the health of a spec-tree or spx environment, when checking whether the SessionStart hook fired for the current session, or when troubleshooting a missing session identity, worktree claim, or unreachable spx CLI. NEVER guess why session state is missing without running these checks first.
ALWAYS invoke this skill when writing or fixing tests for Python. NEVER write or fix Python tests without this skill.
ALWAYS invoke this skill when selecting the next executable slice to implement or deciding which spec-tree nodes /apply should build next from an implementation plan. NEVER choose the next nodes by ad hoc selection — this skill scopes an existing plan to demonstrable value before /apply runs.
ALWAYS invoke this skill when writing or fixing tests for Python. NEVER write or fix Python tests without this skill.
| name | audit-skills |
| description | SKILL.md audit methodology preloaded by the skill-auditor agent. The main conversation reaches this audit only through that agent. |
| allowed-tools | Read, Grep, Glob, Bash, Skill |
{!% require_skill 'instructions:skill-standards' %!}
{!% require_skill 'instructions:agent-prompt-standards' %!}
<dispatch_gate>
This audit runs in the skill-auditor agent's isolated context. When this skill loads in the main conversation rather than inside a dispatched audit agent, STOP — dispatch the skill-auditor agent instead of running this audit here. The separate context keeps the verdict free of the bias the main conversation accumulates while doing the work under audit. An already-dispatched agent that preloaded this skill is in the right context and proceeds.
</dispatch_gate>
A verdict on a SKILL.md against `/skill-standards` and `/agent-prompt-standards`: findings grouped as keep-these-aspects / worth-improving / must-fix, each naming the location, the standard at issue, and the consequence. - NEVER modify files during audit - ONLY analyze and report findings - NEVER report a score; report contextual judgment across the full skill-authoring surface - MUST read all reference documentation before evaluating - ALWAYS provide file:line locations for every finding - NEVER generate fixes unless explicitly requested by the user - NEVER make assumptions about skill intent - flag ambiguities as findings - MUST complete all evaluation areas (YAML, Structure, Content, Anti-patterns) - ALWAYS apply contextual judgment - what matters for a simple skill differs from a complex one<focus_areas> During audits, prioritize evaluation of:
argument-hint when arguments are used)!-dynamic-context safety, allowed-tools tool-restriction security, @ file references)</focus_areas>
<audit_workflow> MANDATORY: Read standards FIRST, before auditing:
/skill-standards — the canonical standards for skill structure, frontmatter, XML tags, progressive disclosure, skill types, reference patterns, code-fence rules, bash restrictions, validation, and script testing. Then check for spx/local/skills.md at the repository root and read it if it exists./agent-prompt-standards — voice, description style, constraint language, and prose anti-patterns. Already injected above.references/, workflows/, templates/, scripts/ subdirectories).${CLAUDE_SKILL_DIR}/references/xml-structure-examples.md and ${CLAUDE_SKILL_DIR}/references/operational-effectiveness-examples.md for annotated violation examples. When the target carries command-capability fields — argument-hint/arguments, allowed-tools, !-dynamic context, or @ file references — also read /skill-standards's references/command-capabilities.md for the rules that govern that surface. When the target is an audit-* skill, also read /skill-standards's references/auditor-skeleton.md — the /skill-standards table loaded in step 1 directs you to it; read the file itself explicitly — the canonical auditor structure the auditor_skeleton_violation check verifies against./skill-standards or /agent-prompt-standards is unreadable, note under "Configuration Issues" and proceed with available content.Use ACTUAL patterns from /skill-standards, not memory. Never read create-skills/references/ for standards — that directory is workflow content only.
</audit_workflow>
<evaluation_areas> Check for:
false for reference skills loaded by other skills; default user-invocable for agent-preloaded audit skills with a passive description and <dispatch_gate>$ARGUMENTS, $ARGUMENTS[N], $N, or a declared $name); omit for self-contained skillsSuccess Criteria Verifiability:
pnpm test --coverage | grep foo.ts"Verification Gates:
pnpm test --coverage for both legacy and SPX. If delta >0.5%, STOP."Failure Modes Documentation:
Example Concreteness:
Procedural vs Operational Balance:
Argument usage:
argument-hint is present when the skill takes arguments.$ARGUMENTS preserves the full instruction string. It is valid when the skill accepts free-form natural-language instructions, forwards instructions to another skill, or needs to distinguish empty input from an instructed change.$ARGUMENTS[N] / $N are valid for stable positional tokens.arguments is substituted as $name in the body, and every $name the body substitutes is declared — neither orphaned.$ARGUMENTS to arguments preserves behavior only when the named argument's token boundary matches the skill's intent. Flag free-form whole-string skills that use a single named positional argument without proving rest-of-line capture.Dynamic-context safety (!-backtick blocks inside <context>):
Tool-restriction security (allowed-tools):
Bash(git add:*), not bare Bash or Bash(git *)) when specific verbs sufficeWrite, Bash, WebFetch) are absent unless the task needs them — a read-only or analysis skill cannot delete, force-push, deploy, or exfiltrateaudit-* skill carries Read, Grep, Glob, Bash (plus Skill when composing) and never Write/EditFile-reference portability:
${CLAUDE_SKILL_DIR}/references/... or ${CLAUDE_SKILL_DIR}/scripts/... in authored source. {!# no-codex-skill-dir-rewrite #!}<objective> states the observable output in a definite shape — not an actor ("The skill", "Claude") or a bare activity verb ("Audit", "Evaluate", "Generate"), and not a behavioral claim. It is one sentence (two only when the output has two distinct parts): the output target, not a summary of the skill. Every clause names a property of the output; a clause describing when the skill runs (→ description), how it runs (→ <workflow>), or what it avoids (→ <constraints>) is bloat that must be cut. <success_criteria> proves the output (its sound-making properties), never a re-list of the workflow steps; the two do not duplicate (per /agent-prompt-standards <objective_shape>). For an audit-* skill, check the canonical structure in /skill-standards references/auditor-skeleton.md; code-auditor and test-auditor objectives may use the skeleton's APPROVED/REJECTED field form without a separate finding-category sentence<contextual_judgment> Apply judgment based on skill complexity and purpose:
Simple skills (single task, <100 lines):
Complex skills (multi-step, external APIs, security concerns):
Delegation skills (invoke subagents):
Migration/transformation skills (change state, move files, update systems):
Always explain WHY something matters for this specific skill, not just that it violates a rule. </contextual_judgment>
<legacy_skills_guidance> Some skills were created before pure XML structure became the standard. When auditing legacy skills:
Migration pattern:
Workflow heading → <workflow>
Success criteria heading → <success_criteria>
Quick start heading → <quick_start> (only if skill is an on-demand tool)
</legacy_skills_guidance>
<reference_file_guidance>
Reference files in the references/ directory should also use pure XML structure (no markdown headings in body). However, be proportionate with reference files:
Priority: Fix SKILL.md first, then reference files. </reference_file_guidance>
<xml_structure_examples>
Read ${CLAUDE_SKILL_DIR}/references/xml-structure-examples.md for annotated examples of each violation type.
</xml_structure_examples>
<operational_effectiveness_examples>
Read ${CLAUDE_SKILL_DIR}/references/operational-effectiveness-examples.md for annotated examples of each issue type.
</operational_effectiveness_examples>
<verdict_format>
Emit a structured verdict consumed by the composing verification workflow. The skill's entire output is the verdict payload. The composing workflow records findings, terminal state, and rendered projection through spx verification run.
The skill's overall is APPROVED iff the must-fix row has no REJECT findings; otherwise it is REJECTED. An audit that cannot complete records a REJECT finding in must-fix and returns REJECTED. Worth-improving and keep-these-aspects observations land as WARNING and INFO findings respectively and do not reject the skill.
{
"schema_version": 1,
"skill": "audit-skills",
"target": "<skill-path>",
"overall": "APPROVED | REJECTED",
"rows": [
{
"name": "keep-these-aspects",
"status": "PASS",
"findings": [
{
"id": "f-001",
"file": "<skill-file>",
"line": 12,
"rule": "<strength-name>",
"severity": "INFO",
"message": "<what it does> — removing this would <specific consequence>"
}
]
},
{
"name": "worth-improving",
"status": "PASS",
"findings": [
{
"id": "f-002",
"file": "<skill-file>",
"line": 24,
"rule": "<issue-name>",
"severity": "WARNING",
"message": "Current: <what exists>. Change to: <what it should be>. Benefit: <specific gain>."
}
]
},
{
"name": "must-fix",
"status": "PASS | FAIL",
"findings": [
{
"id": "f-003",
"file": "<skill-file>",
"line": 36,
"rule": "<issue-name>",
"severity": "REJECT",
"message": "Current: <what exists>. Fix: <specific action>. Impact if unfixed: <what breaks>."
}
]
}
],
"metadata": { "skill_type": "simple | complex | delegation | etc.", "line_count": "<n>" }
}
Note: While this skill uses pure XML structure, it produces JSON output that the verdict toolchain renders as markdown for human readability. </verdict_format>
<failure_modes>
Failure 1: Approved a skill whose objective was still activity-shaped. Claude read an <objective> that opened with a verb ("Audit…", "Generate…") or an actor ("The skill…") and passed it, because the activity reading felt natural. The objective states an output; an activity- or actor-shaped one is a must-fix the actor_or_activity_objective flag exists to catch. Read every objective against /agent-prompt-standards <objective_shape>, not by feel.
Failure 2: Skipped an evaluation area and missed a whole class. Claude judged YAML and structure, formed a verdict, and stopped — leaving prompt craft or anti-patterns unexamined, so a class of violations passed unseen. The verdict is sound only when every evaluation area was judged; a skipped area yields an unsound verdict, not a shorter one. Cover all seven areas before issuing the verdict.
Failure 3: Scored the skill instead of judging it. Claude assigned a number ("8/10 structure") instead of grouping findings as keep / worth-improving / must-fix, turning a verdict into a rating the author cannot act on. Each finding names a location, a standard, and a consequence; a score names none of them. Emit findings, never scores.
</failure_modes>
<success_criteria> The verdict is sound when:
</success_criteria>
Before presenting audit findings, verify:Completeness checks:
Accuracy checks:
Quality checks:
Operational effectiveness checks (for complex skills):
Only present findings after all checks pass.