一键导入
audit
Audit a codebase for security vulnerabilities, code quality issues, and architecture concerns
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Audit a codebase for security vulnerabilities, code quality issues, and architecture concerns
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Write personal blog posts with the rhythm, structure, and voice of top-tier essayists (Paul Graham, Dan Luu, Henrik Karlsson, Ben Kuhn, etc.)
Add a new feature with design, TDD, and PR workflow
Use when the user says "autopilot", "auto mode", "替我回答", or "自动回答". Enables autonomous decision-making by answering Claude's own questions based on the user's personality profile.
Fix a bug with systematic debugging, TDD, and PR workflow
Create a git release — tag, push, and create GitHub release
Emergency fix — minimal change, fast PR, no design overhead
| name | audit |
| description | Audit a codebase for security vulnerabilities, code quality issues, and architecture concerns |
| user_invocable | true |
Systematically review a codebase for security, quality, and architecture issues.
/audit [target directory or file pattern]
If no target is specified, audit the entire repository.
Review for common vulnerability classes:
npm audit / pip audit / language-equivalent; flag known CVEsPresent findings as a structured report:
## Audit Report: <project or target>
### Summary
[2-3 sentences: overall health, most critical area]
### Findings
#### Critical (must fix — security risk or data loss)
- [file:line] Description of issue
- Impact: ...
- Fix: ...
#### Important (should fix — quality or reliability risk)
- [file:line] Description of issue
- Impact: ...
- Fix: ...
#### Suggestions (nice to have — maintainability improvements)
- [file:line] Description of issue
- Suggestion: ...
### Metrics
- Files scanned: [count]
- Issues found: [critical / important / suggestion]
- Dependency vulnerabilities: [count from package audit]
### Top 3 Priorities
1. ...
2. ...
3. ...
After presenting the report, ask the user:
"Audit complete. Want me to generate a remediation plan and start fixing these issues?"
If the user agrees:
Build a remediation plan — group findings into actionable work items, ordered by priority:
/zforge:hotfix (one per critical finding)/zforge:fix-bug/zforge:refactor/zforge:add-featPresent the plan as a numbered list with skill, branch name, and scope:
## Remediation Plan
| # | Skill | Branch | Scope |
|---|-------|--------|-------|
| 1 | /hotfix | hotfix/fix-sql-injection | SQL injection in user query (auth.py:42) |
| 2 | /fix-bug | fix/add-input-validation | Missing input validation on API endpoints |
| 3 | /refactor | refactor/extract-auth-middleware | Auth logic duplicated across 4 handlers |
Get explicit confirmation before starting any work
Execute sequentially — invoke the corresponding skill for each item, one at a time, following its full workflow (branch, TDD, PR)
If the user declines, end the audit. The report stands on its own.