Audit Integrity Skill

Enforces output quality, intellectual honesty, and continuous improvement across all AppSec agents.

When to Use

• Every security analysis, code review, threat model, or quality scan agent run
• Applied automatically as a post-analysis quality gate
• Applicable to any agent performing SAST, SCA, threat modeling, or code quality analysis

Components

This skill provides 7 reusable capabilities. Agents apply all 7 unless their scope excludes a specific component.

Execution Flow

1. Before analysis: Apply Clarification Protocol if scope is ambiguous
2. During analysis: Apply Anti-Rationalization Guard at every decision point
3. After initial pass: Execute Self-Critique Loop (mandatory second pass)
4. On tool failure: Apply Retry Protocol
5. Before delivery: Run Self-Reflection Quality Gate (all categories must score ≥8)
6. After delivery: Create Lessons/Memories for novel findings, false positives, or methodology gaps (see Self-Learning System)

Agent-Specific Adaptation

Each agent customizes the Self-Critique Loop checklist and Self-Reflection Quality Gate categories to match its domain. The reference files provide the base templates; agents extend them with domain-specific items.

Example extensions per agent type

• SAST/SCA agents: Add taint trace completeness and manifest coverage checks
• SonarQube-style agents: Add rating sanity check (A–E consistency with findings)
• Threat modeling agents: Add STRIDE category completeness per trust boundary
• Code review agents: Add trust boundary audit with data flow tracing