Mayur Rathi
@github
⭐ 34.1k GitHub stars

Audit-Integrity

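Audit-Integrity is an AI skill in the security category. Its core value: Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization guards, self-critique loops, retry proto. It can be used to solve developers' practical problems in the security domain, helping users improve efficiency, automate repetitive tasks, or optimize workflows.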

Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization guards, self-critique loops, retry proto

Last verified on: 2026-05-30
mkdir -p ./skills/audit-integrity && curl -sfL https://raw.githubusercontent.com/github/awesome-copilot/main/skills/audit-integrity/SKILL.md -o ./skills/audit-integrity/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

# Audit Integrity Skill


Enforces output quality, intellectual honesty, and continuous improvement across all AppSec agents.


When to Use


- Every security analysis, code review, threat model, or quality scan agent run

- Applied automatically as a post-analysis quality gate

- Applicable to any agent performing SAST, SCA, threat modeling, or code quality analysis


Components


This skill provides 7 reusable capabilities. Agents apply all 7 unless their scope excludes a specific component.


| Component | Reference File | Purpose |
|-----------|---------------|---------|
| Clarification Protocol | [clarification-protocol.md](references/clarification-protocol.md) | Ask ≤2 targeted questions before analysis when scope is ambiguous |
| Anti-Rationalization Guard | [anti-rationalization-guard.md](references/anti-rationalization-guard.md) | Table of prohibited rationalizations with mandatory responses |
| Self-Critique Loop | [self-critique-loop.md](references/self-critique-loop.md) | Mandatory second-pass review after initial analysis |
| Retry Protocol | [retry-protocol.md](references/retry-protocol.md) | Tool failure handling — retry once, then document |
| Non-Negotiable Behaviors | [non-negotiable-behaviors.md](references/non-negotiable-behaviors.md) | Hard rules: never fabricate, always cite evidence, report gaps |
| Self-Reflection Quality Gate | [self-reflection-quality-gate.md](references/self-reflection-quality-gate.md) | 1–10 scoring rubric with ≥8 threshold per category |
| Self-Learning System | [self-learning-system.md](references/self-learning-system.md) | Lesson/Memory templates and governance rules |


Execution Flow


1. **Before analysis**: Apply Clarification Protocol if scope is ambiguous

2. **During analysis**: Apply Anti-Rationalization Guard at every decision point

3. **After initial pass**: Execute Self-Critique Loop (mandatory second pass)

4. **On tool failure**: Apply Retry Protocol

5. **Before delivery**: Run Self-Reflection Quality Gate (all categories must score ≥8)

6. **After delivery**: Create Lessons/Memories for novel findings, false positives, or methodology gaps (see Self-Learning System)
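
The retry and delivery-gate steps of this flow, as an added Python example (not code from the skill or its repository): a tool is retried once and then documented as a gap, and findings are released only when every category scores ≥8. The category names, function names and sample tools are assumptions for illustration; the skill's real rubric is in its reference files.

```python
THRESHOLD = 8  # from the skill: every category must score >= 8 on the 1-10 rubric
# Hypothetical category names; the real rubric lives in the skill's reference files.
CATEGORIES = ("evidence", "coverage", "accuracy")

def run_with_retry(run, name, tool):
    """Retry Protocol: one retry on failure, then document the gap and move on."""
    error = None
    for _attempt in range(2):
        try:
            run["findings"].extend(tool())
            return True
        except Exception as exc:  # any tool failure counts
            error = exc
    run["gaps"].append(f"{name}: failed after one retry ({error}); no coverage claimed")
    return False

def quality_gate(scores):
    """Return categories that block delivery: missing, not an int in 1-10, or < 8."""
    blocking = []
    for cat in CATEGORIES:
        score = scores.get(cat)
        valid = type(score) is int and 1 <= score <= 10
        if not valid or score < THRESHOLD:
            blocking.append(cat)
    return blocking

def deliver(run, scores):
    """Release findings only when the gate passes; gaps are reported either way."""
    blocking = quality_gate(scores)
    if blocking:
        return {"delivered": False, "rework": blocking, "gaps": run["gaps"]}
    return {"delivered": True, "findings": run["findings"], "gaps": run["gaps"]}

def demo():
    """Constructed run: one flaky scanner, one scanner that stays down."""
    calls = {"n": 0}
    def flaky_sast():
        calls["n"] += 1
        if calls["n"] == 1:
            raise TimeoutError("scanner timed out")
        return ["constructed finding: unsanitized input reaches SQL query"]
    def dead_sca():
        raise ConnectionError("advisory feed unreachable")
    run = {"findings": [], "gaps": []}
    run_with_retry(run, "sast", flaky_sast)
    run_with_retry(run, "sca", dead_sca)
    return deliver(run, {"evidence": 9, "coverage": 7, "accuracy": 8})
```

In the constructed run the SAST tool succeeds on its retry, the SCA tool is recorded as a gap, and delivery is held back because the `coverage` score is 7.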


Agent-Specific Adaptation


Each agent customizes the **Self-Critique Loop** checklist and **Self-Reflection Quality Gate** categories to match its domain. The reference files provide the base templates; agents extend them with domain-specific items.


Example extensions per agent type

- **SAST/SCA agents**: Add taint trace completeness and manifest coverage checks

- **SonarQube-style agents**: Add rating sanity check (A–E consistency with findings)

- **Threat modeling agents**: Add STRIDE category completeness per trust boundary

- **Code review agents**: Add trust boundary audit with data flow tracing

🎯 Best For

  • Claude users
  • GitHub Copilot users
  • AI users

💡 Use Cases

  • Using Audit-Integrity in daily workflow
  • Automating repetitive security tasks

📖 How to Use This Skill

  1. Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. Load into Your AI Assistant

    Open Claude or GitHub Copilot and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. Apply Audit-Integrity to Your Work

    Provide context for your task — paste source material, describe your audience, or share existing work to guide the AI.

  4. Review and Refine

    Edit the AI output for accuracy, tone, and completeness. Add human insight where the AI lacks context.

❓ Frequently Asked Questions

How do I install Audit-Integrity?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/audit-integrity/SKILL.md, ready to use.

Can I customize this skill for my team?

Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.

⚠️ Common Mistakes to Avoid

Not reading the full skill

Skills contain important context and edge cases beyond the quick start.
