washingtonguilhardes/debt-scan
.github/skills/debt-scan/SKILL.md
Scan codebase for technical debt and generate prioritized report
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add washingtonguilhardes/example.hr-module debt-scanInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 30, 2026, 2:35 AM102.5s1 file scanned
SKILL.md
- name:
- debt-scan
- description:
- Scan codebase for technical debt and generate prioritized report
DEBT SCAN Task
Persona: Execute this task as the @architect subagent.
Load the persona characteristics from .rulesync/subagents/architect.md before proceeding.
Objective
Scan codebase for technical debt. Categorize by type/severity, analyze impact, generate prioritized report focused on actual problems.
Instructions
-
Discovery: - Scope:
Entire codebase/Specific directory/module/Specific concern- Debt types:All types/Code quality/Testing/Security/Performance/Documentation/Dependencies- Priority trigger:P0 only/P0 and P1/All priorities -
Scan indicators: - Code Quality: TODO/FIXME, duplication, high complexity, long functions (>100 lines), large files (>500 lines), inconsistent patterns, dead code, console.log, commented code - Testing: No coverage, skipped tests, low coverage (<80%), missing E2E, brittle tests, no assertions - Security: Hardcoded secrets, SQL injection, missing validation, unsafe deps, missing auth (if applicable to project), unencrypted data, missing rate limiting, deprecated patterns - Performance: N+1 queries, missing indexes, large bundles, unoptimized images, missing pagination, unnecessary re-renders, memory leaks, blocking ops - Documentation: Missing READMEs, missing JSDoc, outdated docs, undocumented APIs, missing env var docs, no inline comments - Dependencies: Outdated packages, deprecated deps, security vulns, unused deps, duplicate deps
-
Categorize severity: - P0 - Critical: Security vulns in production, data integrity issues, compliance violations, production blockers - P1 - High: Performance degradation, missing tests for critical paths, security concerns (non-exploitable), code blocking development - P2 - Medium: Code quality issues, missing docs, minor performance issues, maintainability concerns - P3 - Low: Code style inconsistencies, minor duplication, non-critical TODOs, optimization opportunities
-
Analyze impact: - For each item: Type, Severity, Location (file:line), Description, Impact (Business/Technical/Risk), Proposed Solution, Benefits
-
Aggregate: - Summary by severity (P0/P1/P2/P3 counts/percentages) - Summary by type (Code Quality/Testing/Security/Performance/Documentation/Dependencies) - Debt hotspots (top areas with most debt)
-
Prioritization matrix: - High Impact (DO FIRST) - Medium Impact (PLAN CAREFULLY) - Low Impact (FILL GAPS)
-
Actionable tasks: - Generate specific tasks for top priorities: Title, File, Solution, Assignee (suggest from git blame) - Group by priority: Critical (P0), High (P1), Medium (P2), Low (P3)
-
Track trends: - If previous scans exist: Compare resolved/new debt, net change, debt velocity, improving/worsening areas
-
Generate report: - Save to:
docs/audits/{date}-tech-debt.md- Include: Executive summary, detailed findings by category, prioritization matrix, recommended actions, trend analysis (if applicable), appendix with all items -
Next steps: - Review P0 items immediately, schedule fixes, assign - Create tasks for P1 items, add to backlog - Plan debt reduction (allocate capacity, prioritize by impact) - Schedule next scan (recommended: monthly) - Share with team, discuss priorities
TODO Composition
Create todos at task start:
debt-scan-discovery- "Gather scan parameters (scope, debt types, priority trigger)"debt-scan-indicators- "Scan for debt indicators (code quality, testing, security, performance, docs, dependencies)"debt-scan-categorize- "Categorize findings by severity (P0/P1/P2/P3)"debt-scan-analyze-impact- "Analyze impact for each finding"debt-scan-aggregate- "Aggregate findings by severity and type, identify hotspots"debt-scan-prioritization- "Create prioritization matrix"debt-scan-actionable-tasks- "Generate actionable tasks for top priorities"debt-scan-track-trends- "Track trends if previous scans exist"debt-scan-generate-report- "Generate technical debt report"debt-scan-next-steps- "Suggest next steps and follow-up actions"
Update status: Mark in_progress when starting each, completed when done.
Related Skills
washingtonguilhardes/trace-audit
testing
VerifiedTrustedCommunity
Analyze distributed traces to find blocking queries, N+1 patterns, and missing tRPC encapsulation, then produce prioritized fixes
SKILL.mdUpdated Apr 16, 2026
washingtonguilhardes/test
testing
VerifiedTrustedCommunity
required reading for all test/spec files or test related queries.
SKILL.mdUpdated Apr 16, 2026
washingtonguilhardes/spec
testing
VerifiedTrustedCommunity
Transform Product Brief into Technical Specification
SKILL.mdUpdated Apr 16, 2026
washingtonguilhardes/spec-drift
development
VerifiedTrustedCommunity
Detect drift between code implementations and specification documents
SKILL.mdUpdated Apr 16, 2026