audit-integrityvon github
Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization…
npx skills add https://github.com/github/awesome-copilot --skill audit-integrityAudit Integrity Skill
Enforces output quality, intellectual honesty, and continuous improvement across all AppSec agents.
When to Use
- Every security analysis, code review, threat model, or quality scan agent run
- Applied automatically as a post-analysis quality gate
- Applicable to any agent performing SAST, SCA, threat modeling, or code quality analysis
Components
This skill provides 7 reusable capabilities. Agents apply all 7 unless their scope excludes a specific component.
| Component | Reference File | Purpose |
|---|---|---|
| Clarification Protocol | clarification-protocol.md | Ask ≤2 targeted questions before analysis when scope is ambiguous |
| Anti-Rationalization Guard | anti-rationalization-guard.md | Table of prohibited rationalizations with mandatory responses |
| Self-Critique Loop | self-critique-loop.md | Mandatory second-pass review after initial analysis |
| Retry Protocol | retry-protocol.md | Tool failure handling — retry once, then document |
| Non-Negotiable Behaviors | non-negotiable-behaviors.md | Hard rules: never fabricate, always cite evidence, report gaps |
| Self-Reflection Quality Gate | self-reflection-quality-gate.md | 1–10 scoring rubric with ≥8 threshold per category |
| Self-Learning System | self-learning-system.md | Lesson/Memory templates and governance rules |
Execution Flow
- Before analysis: Apply Clarification Protocol if scope is ambiguous
- During analysis: Apply Anti-Rationalization Guard at every decision point
- After initial pass: Execute Self-Critique Loop (mandatory second pass)
- On tool failure: Apply Retry Protocol
- Before delivery: Run Self-Reflection Quality Gate (all categories must score ≥8)
- After delivery: Create Lessons/Memories for novel findings, false positives, or methodology gaps (see Self-Learning System)
Agent-Specific Adaptation
Each agent customizes the Self-Critique Loop checklist and Self-Reflection Quality Gate categories to match its domain. The reference files provide the base templates; agents extend them with domain-specific items.
Example extensions per agent type
- SAST/SCA agents: Add taint trace completeness and manifest coverage checks
- SonarQube-style agents: Add rating sanity check (A–E consistency with findings)
- Threat modeling agents: Add STRIDE category completeness per trust boundary
- Code review agents: Add trust boundary audit with data flow tracing
Mehr Skills von github
console-rendering
by github
Instructions for using the struct tag-based console rendering system in Go
acquire-codebase-knowledge
by github
Use this skill when the user explicitly asks to map, document, or onboard into an existing codebase. Trigger for prompts like "map this codebase", "document…
acreadiness-assess
by github
Run the AgentRC readiness assessment on the current repository and produce a static HTML dashboard at reports/index.html. Wraps `npx github:microsoft/agentrc…
acreadiness-generate-instructions
by github
Generate tailored AI agent instruction files via AgentRC instructions command. Produces .github/copilot-instructions.md (default, recommended for Copilot in VS…
acreadiness-policy
by github
Help the user pick, write, or apply an AgentRC policy. Policies customise readiness scoring by disabling irrelevant checks, overriding impact/level, setting…
add-educational-comments
by github
Add educational comments to code files to transform them into effective learning resources. Adapts explanation depth and tone to three configurable knowledge levels: beginner, intermediate, and advanced Automatically requests a file if none is provided, with numbered list matching for quick selection Expands files by up to 125% using educational comments only (hard limit: 400 new lines; 300 for files over 1,000 lines) Preserves file encoding, indentation style, syntax correctness, and...
adobe-illustrator-scripting
by github
Write, debug, and optimize Adobe Illustrator automation scripts using ExtendScript (JavaScript/JSX). Use when creating or modifying scripts that manipulate…
agent-governance
by github
Declarative policies, intent classification, and audit trails for controlling AI agent tool access and behavior. Composable governance policies define allowed/blocked tools, content filters, rate limits, and approval requirements — stored as configuration, not code Semantic intent classification detects dangerous prompts (data exfiltration, privilege escalation, prompt injection) before tool execution using pattern-based signals Tool-level governance decorator enforces policies at function...