Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

praneethkukunuru/.agents/skills/hephaestus-laziness-audit

Name: .agents/skills/hephaestus-laziness-audit
Author: praneethkukunuru

.agents/skills/hephaestus-laziness-audit/SKILL.md

npx skillsauth add praneethkukunuru/synq-test-103 .agents/skills/hephaestus-laziness-audit

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

hephaestus-laziness-audit

Use this skill as a targeted anti-laziness gate before code is considered ship-ready.

Purpose

Audit implementation quality for common lazy-AI failure patterns and produce a ship-gating report.

Master Directive

This skill MUST follow .hephaestus/prompts/master-agent-directive.md. This skill MUST follow .hephaestus/prompts/db-navigation-contract.md. This skill MUST follow .hephaestus/prompts/ci-automation-contract.md. This skill MUST follow .hephaestus/prompts/security-review-contract.md.

Primary Owner

reviewer

Supporting Subagents

system_architect
qa_engineer
devops_infra when config/CI/runtime concerns are touched

Use When

Verification is complete and a ship decision is approaching.
Review needs structured anti-pattern evidence.

Inputs

Git diff
Touched files
.hephaestus/specs/<slug>.md
.hephaestus/plans/<slug>.md
.hephaestus/reports/<slug>-verify.md
CI/build artifacts if available
DB context (review_findings, verification_results, error_signatures, retrieval_chunks, raw_artifacts)
Shared API module (.hephaestus/db/storage/retrieval_api.py)

Outputs

.hephaestus/reports/<slug>-laziness-audit.md
DB updates in review_findings, recurrence_history, error_signatures, and artifact_index
Security DB updates in security_findings, blockers, and security retrieval chunks for OWASP-tagged anti-patterns

DB Reads

get_run_state, get_review_blockers, get_verification_summary, get_relevant_chunks, lookup_recurrence
get_security_findings, get_security_blockers
get_ci_workflow_states, get_ci_failure_summary, get_ci_noise_profile, get_recent_ci_failures_by_signature

DB Writes

register_artifact
insert_row on review_findings
persist_blocker (ship blockers)
persist_retrieval_chunk
persist_fix_pattern (for repeated anti-pattern corrections)
persist_security_finding (when anti-pattern maps to OWASP risk)
persist_security_control and persist_security_gate_decision when anti-pattern implies deterministic security gate failure
persist_ci_workflow_state / record_ci_automation_action when CI anti-patterns are found

OWASP 2025 Security Lens

Map laziness anti-patterns to OWASP categories when they impact security posture.
Persist OWASP findings and security chunk evidence for each mapped risk.
Escalate blocker decisions according to default policy and evidence severity.

Procedure

Query DB for prior findings/signatures before opening raw reports.
Inspect diff and changed files against spec/plan intent.
Cross-check verification and CI/build outputs for weak claims.
Evaluate anti-pattern catalog from references/anti-pattern-catalog.md.
Record severity-ranked findings with exact file/path anchors.
Persist anti-pattern findings and ship blockers using persist_laziness_audit_memory(...).
Map applicable anti-pattern findings to OWASP Top 10:2025 and persist security findings.
Produce final decision: blocked, conditional, or passes.

Mandatory Checks

Hardcoded config/secrets/URLs/ports/environment assumptions
Magic numbers and strings with poor justification
Bloated files/classes/functions/components
Duplicate logic
Long parameter lists, flag arguments, weak abstractions
Missing failure handling
Weak tests or untested changed behavior
Hidden architecture drift
Unnecessary dependencies
Logging and observability gaps
Style drift from local repository patterns
Retrying CI without diagnosis
Swallowing or masking CI failures
Weak CI observability and non-actionable pipeline events
Unstable pipeline assumptions (flaky/transient treated as proven)
Environment-specific hardcoding in pipeline/build/runtime config
OWASP-tagged lazy handling of access/auth boundaries, injection surfaces, secret handling, integrity checks, and exceptional conditions

Guardrails

Findings must be evidence-based and path-specific.
No ship-ready claim without explicit final decision.
High-severity findings block ship until fixed.
Do not restate unchanged verification/review context; cite DB references.
Security anti-pattern findings must include OWASP category, evidence, and blocker policy.

Handoff

Include:

Findings by severity with path references
Required fixes before ship
Suggested refactors after ship
Final decision: blocked, conditional, or passes

praneethkukunuru/.agents/skills/hephaestus-laziness-audit

.agents/skills/hephaestus-laziness-audit/SKILL.md

# hephaestus-laziness-audit Use this skill as a targeted anti-laziness gate before code is considered ship-ready. ## Purpose Audit implementation quality for common lazy-AI failure patterns and produce a ship-gating report. ## Master Directive This skill MUST follow `.hephaestus/prompts/master-agent-directive.md`. This skill MUST follow `.hephaestus/prompts/db-navigation-contract.md`. This skill MUST follow `.hephaestus/prompts/ci-automation-contract.md`. This skill MUST follow `.hephaestus

tools

Updated Apr 16, 2026

$ install --global

skillsauth

npx skillsauth add praneethkukunuru/synq-test-103 .agents/skills/hephaestus-laziness-audit

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 24, 2026, 8:57 PM1.8s1 file scanned

SKILL.md

hephaestus-laziness-audit

Use this skill as a targeted anti-laziness gate before code is considered ship-ready.

Purpose

Audit implementation quality for common lazy-AI failure patterns and produce a ship-gating report.

Master Directive

Primary Owner

reviewer

Supporting Subagents

system_architect
qa_engineer
devops_infra when config/CI/runtime concerns are touched

Use When

Verification is complete and a ship decision is approaching.
Review needs structured anti-pattern evidence.

Inputs

Git diff
Touched files
.hephaestus/specs/<slug>.md
.hephaestus/plans/<slug>.md
.hephaestus/reports/<slug>-verify.md
CI/build artifacts if available
DB context (review_findings, verification_results, error_signatures, retrieval_chunks, raw_artifacts)
Shared API module (.hephaestus/db/storage/retrieval_api.py)

Outputs

.hephaestus/reports/<slug>-laziness-audit.md
DB updates in review_findings, recurrence_history, error_signatures, and artifact_index
Security DB updates in security_findings, blockers, and security retrieval chunks for OWASP-tagged anti-patterns

DB Reads

get_run_state, get_review_blockers, get_verification_summary, get_relevant_chunks, lookup_recurrence
get_security_findings, get_security_blockers
get_ci_workflow_states, get_ci_failure_summary, get_ci_noise_profile, get_recent_ci_failures_by_signature

DB Writes

register_artifact
insert_row on review_findings
persist_blocker (ship blockers)
persist_retrieval_chunk
persist_fix_pattern (for repeated anti-pattern corrections)
persist_security_finding (when anti-pattern maps to OWASP risk)
persist_security_control and persist_security_gate_decision when anti-pattern implies deterministic security gate failure
persist_ci_workflow_state / record_ci_automation_action when CI anti-patterns are found

OWASP 2025 Security Lens

Map laziness anti-patterns to OWASP categories when they impact security posture.
Persist OWASP findings and security chunk evidence for each mapped risk.
Escalate blocker decisions according to default policy and evidence severity.

Procedure

Query DB for prior findings/signatures before opening raw reports.
Inspect diff and changed files against spec/plan intent.
Cross-check verification and CI/build outputs for weak claims.
Evaluate anti-pattern catalog from references/anti-pattern-catalog.md.
Record severity-ranked findings with exact file/path anchors.
Persist anti-pattern findings and ship blockers using persist_laziness_audit_memory(...).
Map applicable anti-pattern findings to OWASP Top 10:2025 and persist security findings.
Produce final decision: blocked, conditional, or passes.

Mandatory Checks

Hardcoded config/secrets/URLs/ports/environment assumptions
Magic numbers and strings with poor justification
Bloated files/classes/functions/components
Duplicate logic
Long parameter lists, flag arguments, weak abstractions
Missing failure handling
Weak tests or untested changed behavior
Hidden architecture drift
Unnecessary dependencies
Logging and observability gaps
Style drift from local repository patterns
Retrying CI without diagnosis
Swallowing or masking CI failures
Weak CI observability and non-actionable pipeline events
Unstable pipeline assumptions (flaky/transient treated as proven)
Environment-specific hardcoding in pipeline/build/runtime config
OWASP-tagged lazy handling of access/auth boundaries, injection surfaces, secret handling, integrity checks, and exceptional conditions

Guardrails

Findings must be evidence-based and path-specific.
No ship-ready claim without explicit final decision.
High-severity findings block ship until fixed.
Do not restate unchanged verification/review context; cite DB references.
Security anti-pattern findings must include OWASP category, evidence, and blocker policy.

Handoff

Include:

Findings by severity with path references
Required fixes before ship
Suggested refactors after ship
Final decision: blocked, conditional, or passes

Related Skills

praneethkukunuru/system_architect

content-media

VerifiedTrustedCommunity

Design correctness and implementation drift owner

SKILL.mdUpdated Apr 16, 2026

praneethkukunuru/system_architect

praneethkukunuru/scrum_master

tools

VerifiedTrustedCommunity

Stage readiness and artifact completeness owner

SKILL.mdUpdated Apr 16, 2026

praneethkukunuru/scrum_master

praneethkukunuru/roadmap_advisor

tools

VerifiedTrustedCommunity

Roadmap Advisor

SKILL.mdUpdated Apr 16, 2026

praneethkukunuru/roadmap_advisor

praneethkukunuru/reviewer

testing

VerifiedTrustedCommunity

Correctness, security, and maintainability owner

SKILL.mdUpdated Apr 16, 2026

praneethkukunuru/reviewer

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/praneethkukunuru/synq-test-103.git

# Copy into Claude Code skills folder (global)
cp -r synq-test-103/.agents/skills/hephaestus-laziness-audit ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

praneethkukunuru/synq-test-103

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT