williamlimasilva/audit-integrity
skills/audit-integrity/SKILL.md
Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization guards, self-critique loops, retry protocols, non-negotiable behaviors, self-reflection quality gates (1-10 scoring, ≥8 threshold), and a self-learning system with lesson/memory governance for security analysis agents.
development
Updated Apr 29, 2026
$ install --global
skillsauthnpx skillsauth add williamlimasilva/.copilot audit-integrityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 29, 2026, 2:18 AM379.9s8 files scanned
SKILL.md
- name:
- audit-integrity
- description:
- Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization guards, self-critique loops, retry protocols, non-negotiable behaviors, self-reflection quality gates (1-10 scoring, ≥8 threshold), and a self-learning system with lesson/memory governance for security analysis agents.
- compatibility:
- Cross-platform. Works with any language or framework analyzed by AppSec agents.
- version:
- 1.0
Audit Integrity Skill
Enforces output quality, intellectual honesty, and continuous improvement across all AppSec agents.
When to Use
- Every security analysis, code review, threat model, or quality scan agent run
- Applied automatically as a post-analysis quality gate
- Applicable to any agent performing SAST, SCA, threat modeling, or code quality analysis
Components
This skill provides 7 reusable capabilities. Agents apply all 7 unless their scope excludes a specific component.
| Component | Reference File | Purpose | |-----------|---------------|---------| | Clarification Protocol | clarification-protocol.md | Ask ≤2 targeted questions before analysis when scope is ambiguous | | Anti-Rationalization Guard | anti-rationalization-guard.md | Table of prohibited rationalizations with mandatory responses | | Self-Critique Loop | self-critique-loop.md | Mandatory second-pass review after initial analysis | | Retry Protocol | retry-protocol.md | Tool failure handling — retry once, then document | | Non-Negotiable Behaviors | non-negotiable-behaviors.md | Hard rules: never fabricate, always cite evidence, report gaps | | Self-Reflection Quality Gate | self-reflection-quality-gate.md | 1–10 scoring rubric with ≥8 threshold per category | | Self-Learning System | self-learning-system.md | Lesson/Memory templates and governance rules |
Execution Flow
- Before analysis: Apply Clarification Protocol if scope is ambiguous
- During analysis: Apply Anti-Rationalization Guard at every decision point
- After initial pass: Execute Self-Critique Loop (mandatory second pass)
- On tool failure: Apply Retry Protocol
- Before delivery: Run Self-Reflection Quality Gate (all categories must score ≥8)
- After delivery: Create Lessons/Memories for novel findings, false positives, or methodology gaps (see Self-Learning System)
Agent-Specific Adaptation
Each agent customizes the Self-Critique Loop checklist and Self-Reflection Quality Gate categories to match its domain. The reference files provide the base templates; agents extend them with domain-specific items.
Example extensions per agent type
- SAST/SCA agents: Add taint trace completeness and manifest coverage checks
- SonarQube-style agents: Add rating sanity check (A–E consistency with findings)
- Threat modeling agents: Add STRIDE category completeness per trust boundary
- Code review agents: Add trust boundary audit with data flow tracing
Related Skills
williamlimasilva/pinecone-rag
development
VerifiedTrustedCommunity
Build production RAG pipelines and persistent agent memory using Pinecone as the vector database backend. ALWAYS USE THIS SKILL when the user mentions Pinecone, wants to index documents for semantic search, build a retrieval-augmented generation system, store agent memory across sessions, implement hybrid search, or connect an LLM to a searchable knowledge base — even if they don't say "Pinecone" explicitly. Also use when the user asks about vector databases for RAG, namespace isolation for multi-tenant agents, embedding pipelines, or scaling a knowledge base beyond what local storage can handle. DO NOT use for local-only vector stores (Chroma, FAISS, pgvector) or pure keyword search with no semantic component.
SKILL.mdUpdated Jun 13, 2026
williamlimasilva/aws-well-architected-review
development
VerifiedTrustedCommunity
Perform an AWS Well-Architected Framework review of the current workload IaC and architecture, generating findings and GitHub issues for improvements.
SKILL.mdUpdated Jun 11, 2026
williamlimasilva/aws-resource-query
devops
VerifiedTrustedCommunity
Query AWS resources using natural language. Covers EC2, S3, RDS, Lambda, ECS, EKS, Secrets Manager, IAM, VPC, networking, messaging, and more. Strictly read-only — no writes, deletes, or mutations.
SKILL.mdUpdated Jun 11, 2026
williamlimasilva/aws-resource-health-diagnose
devops
VerifiedTrustedCommunity
Analyze AWS resource health, diagnose issues from CloudWatch logs and metrics, and create a remediation plan for identified problems.
SKILL.mdUpdated Jun 11, 2026