opendatahub-io/doc-review
helpers/skills/doc-review/SKILL.md
Use this skill to perform adversarial review of AsciiDoc documentation against context sources. Checks factual accuracy, completeness, consistency, and hallucination. Produces workspace/review-findings.json.
$ install --global
skillsauthnpx skillsauth add opendatahub-io/ai-helpers doc-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 2, 2026, 6:19 AM378.6s2 files scanned
SKILL.md
- name:
- doc-review
- description:
- >
- argument-hint:
- <file-or-directory> [--context workspace/context-package.json]
- model:
- claude-opus-4-6
- effort:
- high
doc-review
Perform adversarial comparison of documentation content against context sources to detect inaccuracies, omissions, and hallucinations.
Prerequisites
- AsciiDoc files to review (specified in arguments)
workspace/context-package.jsonshould exist for cross-reference checking
Parse arguments
$ARGUMENTS contains:
- Target: file path, directory, or glob pattern for AsciiDoc files to review
- --context (optional): path to context package (defaults to
workspace/context-package.json)
Step 1: Discover files
Resolve the target to a list of .adoc files:
- Single file: review that file
- Directory: glob
**/*.adoc - Glob pattern: expand it
Step 2: Load context
Read workspace/context-package.json and extract:
- Ticket metadata (summary, description, components)
- Context files with content (source code, API specs, architecture docs, existing docs)
- Product conventions
Group context files by type for targeted comparison:
- Source code:
.go,.py,.javafiles — authoritative for API behavior - API specs:
*_types.go,*.yamlCRD files — authoritative for field names and schemas - Architecture docs:
.mdfiles from architecture repos — authoritative for design - Existing docs:
.adocfiles — reference for style and terminology
Step 3: Review each file
For each AsciiDoc file, read its content and construct a review prompt combining:
- Read
${CLAUDE_SKILL_DIR}/prompts/review-content.mdtemplate - The documentation content being reviewed
- Relevant context files (matched by topic/component)
- Ticket metadata
Ask the LLM to perform adversarial review:
- Factual accuracy: Compare every technical claim against source code and API specs
- Completeness: Check if important details from the ticket and context are covered
- Consistency: Verify terminology matches existing documentation
- Hallucination check: Flag any API fields, CLI flags, config options, or behaviors not found in context sources
Step 4: Compile findings
Merge findings from all reviewed files:
{
"reviewed_at": "2026-04-14T10:50:00Z",
"files_reviewed": 3,
"confidence": 0.78,
"summary": "Documentation is largely accurate but has 2 technical issues...",
"findings": [
{
"category": "technical_inaccuracy",
"severity": "high",
"description": "The documented API field 'replicas' should be 'minReplicas'",
"file_path": "modules/serving/pages/ref_model-serving-params.adoc",
"line_start": 42,
"line_end": 42,
"context_source": "api/v1alpha1/servingruntime_types.go:87",
"suggestion": "Change 'replicas' to 'minReplicas' per the CRD type definition"
}
],
"summary_by_severity": {
"high": 1,
"medium": 2,
"low": 3,
"total": 6
}
}
Step 5: Write findings
Write workspace/review-findings.json.
Output
Primary: workspace/review-findings.json
Report to caller: confidence score, total findings by severity, files reviewed.
Stop conditions
- Halt: No files found matching target
- Warn and continue: Context package missing (review without cross-reference)
- Continue: Individual file review fails (record error, continue with others)
Related Skills
opendatahub-io/python-packaging-static-audit
development
VerifiedTrustedCommunity
Run hexora static analysis on a Python package repository to detect suspicious code patterns, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.
30SKILL.mdUpdated May 30, 2026
opendatahub-io/python-packaging-git-audit
development
VerifiedTrustedCommunity
Inspect recent git history of a Python package repository for suspicious commits touching supply-chain-sensitive files, then triage findings with AI reasoning to produce a structured risk report section.
30SKILL.mdUpdated May 30, 2026
opendatahub-io/python-packaging-binary-audit
development
VerifiedTrustedCommunity
Scan a Python package repository for compiled/binary files using Fromager-style detection and malcontent YARA analysis, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.
30SKILL.mdUpdated May 30, 2026
opendatahub-io/non-redhat-rpms
testing
VerifiedTrustedCommunity
Use this skill to identify non-Red Hat RPM packages installed in container images or on the local machine. For containers, pulls images across multiple architectures and release tags; for local scans, inspects the host directly. Extracts RPM signing metadata and reports packages not signed with the Red Hat GPG key as CSV output. Use when auditing compliance, checking supply-chain provenance, or scanning for third-party RPMs in RHOAI component images.
30SKILL.mdUpdated May 29, 2026