pkuppens/operations-audit
skills/operations/operations-audit/SKILL.md
Performs compliance, security, and performance audits of a service or codebase. Use when preparing for a security review, assessing technical debt, validating GDPR/HIPAA compliance posture, or running a performance baseline.
development
Updated May 15, 2026
$ install --global
skillsauthnpx skillsauth add pkuppens/pkuppens operations-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 15, 2026, 5:43 AM82.2s1 file scanned
SKILL.md
- name:
- operations-audit
- description:
- Performs compliance, security, and performance audits of a service or codebase. Use when preparing for a security review, assessing technical debt, validating GDPR/HIPAA compliance posture, or running a performance baseline.
Operations Audit
Structured audit covering security, compliance, performance, and data handling.
When to use:
- Before a client or regulatory review
- Quarterly security and dependency hygiene check
- Assessing technical debt and risk (feeds
architecture-risks-debt) - Validating GDPR/HIPAA compliance posture for healthcare/personal data systems
Instructions:
-
Security audit:
- Dependency vulnerabilities:
uv run pip-auditornpm audit - Secrets in code:
git log --all --oneline | head -50; check for hardcoded keys - Authentication: verify all endpoints require auth where expected
- OWASP Top 10: check for SQL injection, XSS, CSRF, broken auth, excessive data exposure
- Dependency vulnerabilities:
-
Dependency audit:
- Outdated packages:
uv run pip list --outdated - Deprecated APIs in use: search for known deprecation patterns
- Transitive dependency conflicts:
uv tree
- Outdated packages:
-
Performance audit:
- Identify slow endpoints from logs (P95 > 500ms)
- Check for N+1 queries: look for loops with DB calls inside
- Check index coverage for frequent queries
- Memory baseline: measure container memory under typical load
-
Data compliance (if applicable):
- PII fields: are they encrypted at rest and in transit?
- Retention policy: is stale data purged per policy?
- Audit log: are sensitive operations logged with user identity and timestamp?
- Data residency: is data stored in permitted regions?
-
Code quality audit:
- Test coverage:
uv run pytest --cov— flag modules below 60% - Lint/format:
uv run ruff check .— count and categorise violations - Type coverage:
uv run pyrightormypy— flag untyped public APIs
- Test coverage:
-
Document findings in
tmp/operations/audit-<date>.md:- Findings by category (Critical / High / Medium / Low)
- Recommended actions with effort estimate
- Link to issues created for remediation
Output format:
## Audit Report — <date>
### Critical
- <finding>: <recommendation> (#NNN)
### High
- <finding>: <recommendation>
### Medium / Low
- <summary>
### Summary
- Findings: <C>/<H>/<M>/<L>
- Issues created: #NNN, #NNN
Integration: Findings feed issue-workflow (create issues) and architecture-risks-debt. See COOPERATION.md.
Related Skills
pkuppens/azure-devops-work-items
tools
VerifiedTrustedCommunity
Creates, queries, updates, and links Azure Boards work items via az boards CLI. Use when filing ADO work items, running WIQL queries, or setting area path, iteration, tags, and assignee.
SKILL.mdUpdated May 29, 2026
pkuppens/azure-devops-repos
tools
VerifiedTrustedCommunity
Creates, reviews, and completes Azure Repos pull requests and branch policies via az repos CLI. Use when opening ADO PRs, setting required reviewers, or configuring build validation policies.
SKILL.mdUpdated May 29, 2026
pkuppens/azure-devops-pipelines
development
VerifiedTrustedCommunity
Guides Azure Pipelines YAML structure, build validation on PRs, and staged deployment with environments and approvals. Use when authoring azure-pipelines.yml or configuring CI/CD on Azure DevOps.
SKILL.mdUpdated May 29, 2026
pkuppens/azure-devops
tools
VerifiedTrustedCommunity
Orchestrates Azure DevOps work item, repo, and pipeline workflows using az CLI. Use when working with Azure DevOps, Azure Repos, Azure Boards, Azure Pipelines, or az devops commands.
SKILL.mdUpdated May 29, 2026