{"id":"2d70fee5-e5f9-4ca0-bf69-7e4f820b4078","shortId":"87GYWX","kind":"skill","title":"audit","tagline":"Project-wide health audit pipeline that fans out to all analysis skills in parallel, evaluates findings, and produces a unified report at .turbo/audit.md. Use when the user asks to \"audit the project\", \"run a full audit\", \"project health check\", \"audit my code\", \"codebase audit\",","description":"# Audit\n\nProject-wide health audit. Fans out to all analysis skills, evaluates findings, and writes `.turbo/audit.md` and `.turbo/audit.html`. Analysis-only — does not apply fixes.\n\n## Task Tracking\n\nAt the start, use `TaskCreate` to create a task for each phase:\n\n1. Scope and partition\n2. Threat model\n3. Run analysis skills\n4. Run `/evaluate-findings` skill\n5. Generate markdown report\n6. Generate HTML report\n\n## Step 1: Scope and Partition\n\nIf `$ARGUMENTS` specifies paths, use those directly (skip the question).\n\nOtherwise, use `AskUserQuestion` to confirm scope:\n\n- **All source files** — audit everything\n- **Specific paths** — user provides directories or file patterns\n- **Critical paths** — heuristically identify high-risk areas (entry points, auth, data handling, payment processing)\n\nOnce scope is determined:\n\n1. Glob for source files in the selected scope. Exclude generated and vendored directories (`node_modules/`, `dist/`, `build/`, `vendor/`, `__pycache__/`, `.build/`, `DerivedData/`, `target/`, `.tox/`, and others appropriate to the project).\n2. Partition files by top-level source directory. Cap at 10 partitions. If more than 10 top-level directories exist, group related directories or use `AskUserQuestion` to narrow scope. If a single directory contains 50+ files, sub-partition it by its immediate subdirectories.\n\n## Step 2: Threat Model\n\nCheck if `.turbo/threat-model.md` exists. If it does, continue to Step 3.\n\nIf missing, use `AskUserQuestion` to ask whether to create one before proceeding. The security review benefits from threat model context, but creating one adds time.\n\n- **Yes** — launch an Agent tool call (`model: \"opus\"`, do not set `run_in_background`) whose prompt instructs it to invoke the `/create-threat-model` skill via the Skill tool. Wait for completion before continuing.\n- **No** — continue without a threat model.\n\n## Step 3: Launch All Analysis Skills\n\nRun all analysis skills in parallel.\n\n### Partitioned Skills\n\nFor each skill below, run **one instance per partition** with the partition's file list. Pass `(skip peer review)` annotations through to `/review-code` as an opt-out so it runs internal reviews only — `/peer-review` is scheduled as its own row to avoid duplicate codex runs.\n\n| Skill | Scope |\n|---|---|\n| `/review-code` with `correctness` (skip peer review) | File list |\n| `/review-code` with `security` (skip peer review) | File list |\n| `/review-code` with `api-usage` (skip peer review) | File list |\n| `/review-code` with `consistency` (skip peer review) | File list |\n| `/review-code` with `simplicity` (skip peer review) | File list |\n| `/peer-review` | File list |\n\n### Project-Wide Skills\n\n| Skill | Notes |\n|---|---|\n| `/review-code` with `coverage` (skip peer review) | Project-wide |\n| `/review-dependencies` | Project-wide |\n| `/review-tooling` | Project-wide |\n| `/review-agentic-setup` | Project-wide |\n| `/find-dead-code` | Has its own partitioning |\n\n## Step 4: Run `/evaluate-findings` Skill\n\nAggregate all findings from all agents. Run the `/evaluate-findings` skill once on the combined set.\n\n## Step 5: Generate Markdown Report\n\nWrite `.turbo/audit.md` using the template below. Populate the dashboard by counting findings per category and applying health thresholds. Output the dashboard as text before writing the file.\n\n### Report Template\n\n```markdown\n# Audit Report\n\n**Date:** \n**Scope:** \n\n## Dashboard\n\n| Category | Health | Findings | Critical |\n|---|---|---|---|\n| Correctness | | | |\n| Security | | | |\n| API Usage | | | |\n| Consistency | | | |\n| Simplicity | | | |\n| Test Coverage | | | |\n| Dependencies | | | |\n| Tooling | | | |\n| Dead Code | | | |\n| Agentic Setup | | | |\n| Threat Model | | — | — |\n\n### Health Thresholds\n\n- **Pass** — zero P0/P1 findings in this category\n- **Warn** — P1 findings present but no P0\n- **Fail** — P0 findings present\n\n## Detailed Findings\n\n### Correctness\n\n\n### Security\n\n\n### API Usage\n\n\n### Consistency\n\n\n### Simplicity\n\n\n### Test Coverage\n\n\n### Dependencies\n\n\n### Tooling\n\n\n### Dead Code\n\n\n### Agentic Setup\n\n\n### Threat Model\n\n```\n\n## Step 6: Generate HTML Report\n\nConvert the markdown report into a styled, interactive HTML page.\n\n1. Run the `/frontend-design` skill to load design principles.\n2. Read `.turbo/audit.md` for the full report content.\n3. Write a self-contained `.turbo/audit.html` (single file, no external dependencies beyond Google Fonts) that presents all findings from the markdown report with:\n - Dashboard health grid with severity color-coding (red=Fail, amber=Warn, green=Pass)\n - Severity summary bar (P0/P1/P2/P3 counts)\n - Sticky navigation between report sections\n - Collapsible category sections\n - Finding tables with file, line, and description columns\n - Severity badges and color-coded group labels\n - Entrance animations and hover states\n - Print-friendly styles via `@media print`\n - Responsive layout for mobile\n\n## Rules\n\n- If any skill is unavailable or fails, proceed with findings from the remaining skills and note the failure in the report.\n- `/peer-review` covers all concerns (correctness, security, api-usage, consistency, simplicity, coverage). Distribute its findings into their matching category sections. Deduplicate findings that overlap with the specialized reviewers.\n- Does not modify source code, stage files, or commit.","tags":["audit","turbo","tobihagemann","agent-skills","claude-code","claude-skills","developer-tools","skills"],"capabilities":["skill","source-tobihagemann","skill-audit","topic-agent-skills","topic-claude-code","topic-claude-skills","topic-developer-tools","topic-skills"],"categories":["turbo"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/tobihagemann/turbo/audit","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add tobihagemann/turbo","source_repo":"https://github.com/tobihagemann/turbo","install_from":"skills.sh"}},"qualityScore":"0.590","qualityRationale":"deterministic score 0.59 from registry signals: · indexed on github topic:agent-skills · 280 github stars · SKILL.md body (6,016 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T06:54:07.431Z","embedding":null,"createdAt":"2026-04-18T22:03:26.943Z","updatedAt":"2026-04-22T06:54:07.431Z","lastSeenAt":"2026-04-22T06:54:07.431Z","tsv":"'/create-threat-model':300 '/evaluate-findings':100,459,469 '/find-dead-code':451 '/frontend-design':603 '/peer-review':365,421,722 '/review-agentic-setup':447 '/review-code':353,379,387,395,405,413,430 '/review-dependencies':439 '/review-tooling':443 '1':87,111,163,600 '10':204,209 '2':91,193,240,609 '3':94,253,318,617 '4':98,457 '5':102,477 '50':229 '6':106,586 'add':277 'agent':282,466,541,581 'aggreg':461 'amber':651 'analysi':13,57,67,96,321,325 'analysis-on':66 'anim':685 'annot':350 'api':398,524,571,729 'api-usag':397,728 'appli':71,496 'appropri':189 'area':151 'argument':116 'ask':30,259 'askuserquest':127,220,257 'audit':1,6,32,38,42,46,47,52,134,511 'auth':154 'avoid':373 'background':292 'badg':677 'bar':657 'benefit':269 'beyond':629 'build':180,183 'call':284 'cap':202 'categori':494,516,555,666,740 'check':41,243 'code':44,539,580,648,681,754 'codebas':45 'codex':375 'collaps':665 'color':647,680 'color-cod':646,679 'column':675 'combin':474 'commit':758 'complet':308 'concern':725 'confirm':129 'consist':407,527,573,731 'contain':228,622 'content':616 'context':273 'continu':250,310,312 'convert':590 'correct':381,520,569,726 'count':491,659 'cover':723 'coverag':432,532,576,733 'creat':81,262,275 'critic':144,519 'dashboard':489,501,515,641 'data':155 'date':513 'dead':538,579 'dedupl':742 'depend':534,577,628 'deriveddata':184 'descript':674 'design':607 'detail':567 'determin':162 'direct':121 'directori':140,176,201,213,217,227 'dist':179 'distribut':734 'duplic':374 'entranc':684 'entri':152 'evalu':17,59 'everyth':135 'exclud':172 'exist':214,246 'extern':627 'fail':563,650,707 'failur':718 'fan':9,53 'file':133,142,167,195,230,344,385,393,403,411,419,422,507,625,671,756 'find':18,60,463,492,518,552,558,565,568,635,668,710,736,743 'fix':72 'font':631 'friend':691 'full':37,614 'generat':103,107,173,478,587 'glob':164 'googl':630 'green':653 'grid':643 'group':215,682 'handl':156 'health':5,40,51,497,517,547,642 'heurist':146 'high':149 'high-risk':148 'hover':687 'html':108,588,598 'identifi':147 'immedi':237 'instanc':337 'instruct':295 'interact':597 'intern':362 'invok':298 'label':683 'launch':280,319 'layout':697 'level':199,212 'line':672 'list':345,386,394,404,412,420,423 'load':606 'markdown':104,479,510,592,638 'match':739 'media':694 'miss':255 'mobil':699 'model':93,242,272,285,316,545,584 'modifi':752 'modul':178 'narrow':222 'navig':661 'node':177 'note':429,716 'one':263,276,336 'opt':357 'opt-out':356 'opus':286 'other':188 'otherwis':125 'output':499 'overlap':745 'p0':562,564 'p0/p1':551 'p0/p1/p2/p3':658 'p1':557 'page':599 'parallel':16,328 'partit':90,114,194,205,233,329,339,342,455 'pass':346,549,654 'pass/warn/fail':521,523,526,528,530,533,535,537,540,543 'path':118,137,145 'pattern':143 'payment':157 'peer':348,383,391,401,409,417,434 'per':338,493 'phase':86 'pipelin':7 'point':153 'popul':487 'present':559,566,633 'present/missing':546 'principl':608 'print':690,695 'print-friend':689 'proceed':265,708 'process':158 'produc':20 'project':3,34,39,49,192,425,437,441,445,449 'project-wid':2,48,424,436,440,444,448 'prompt':294 'provid':139 'pycach':182 'question':124 'read':610 'red':649 'relat':216 'remain':713 'report':23,105,109,480,508,512,589,593,615,639,663,721 'respons':696 'review':268,349,363,384,392,402,410,418,435,749 'risk':150 'row':371 'rule':700 'run':35,95,99,290,323,335,361,376,458,467,601 'schedul':367 'scope':88,112,130,160,171,223,378,514 'section':664,667,741 'secur':267,389,522,570,727 'select':170 'self':621 'self-contain':620 'set':289,475 'setup':542,582 'sever':645,655,676 'simplic':415,529,574,732 'singl':226,624 'skill':14,58,97,101,301,304,322,326,330,333,377,427,428,460,470,604,703,714 'skill-audit' 'skip':122,347,382,390,400,408,416,433 'sourc':132,166,200,753 'source-tobihagemann' 'special':748 'specif':136 'specifi':117 'stage':755 'start':77 'state':688 'step':110,239,252,317,456,476,585 'sticki':660 'style':596,692 'sub':232 'sub-partit':231 'subdirectori':238 'summari':656 'tabl':669 'target':185 'task':73,83 'taskcreat':79 'templat':485,509 'test':531,575 'text':503 'threat':92,241,271,315,544,583 'threshold':498,548 'time':278 'tool':283,305,536,578 'top':198,211 'top-level':197,210 'topic-agent-skills' 'topic-claude-code' 'topic-claude-skills' 'topic-developer-tools' 'topic-skills' 'tox':186 'track':74 'turbo/audit.html':65,623 'turbo/audit.md':25,63,482,611 'turbo/threat-model.md':245 'unavail':705 'unifi':22 'usag':399,525,572,730 'use':26,78,119,126,219,256,483 'user':29,138 'vendor':175,181 'via':302,693 'wait':306 'warn':556,652 'whether':260 'whose':293 'wide':4,50,426,438,442,446,450 'without':313 'write':62,481,505,618 'yes':279 'zero':550","prices":[{"id":"b10f190f-4528-4387-a2af-0c2f35d84f54","listingId":"2d70fee5-e5f9-4ca0-bf69-7e4f820b4078","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"tobihagemann","category":"turbo","install_from":"skills.sh"},"createdAt":"2026-04-18T22:03:26.943Z"}],"sources":[{"listingId":"2d70fee5-e5f9-4ca0-bf69-7e4f820b4078","source":"github","sourceId":"tobihagemann/turbo/audit","sourceUrl":"https://github.com/tobihagemann/turbo/tree/main/skills/audit","isPrimary":false,"firstSeenAt":"2026-04-18T22:03:26.943Z","lastSeenAt":"2026-04-22T06:54:07.431Z"}],"details":{"listingId":"2d70fee5-e5f9-4ca0-bf69-7e4f820b4078","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"tobihagemann","slug":"audit","github":{"repo":"tobihagemann/turbo","stars":280,"topics":["agent-skills","claude-code","claude-skills","developer-tools","skills"],"license":"mit","html_url":"https://github.com/tobihagemann/turbo","pushed_at":"2026-04-22T06:06:24Z","description":"A composable dev process for Claude Code, packaged as modular skills.","skill_md_sha":"6f7e3fd3cc4e1cf728fbf8bf64f20277ebf622ff","skill_md_path":"skills/audit/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/tobihagemann/turbo/tree/main/skills/audit"},"layout":"multi","source":"github","category":"turbo","frontmatter":{"name":"audit","description":"Project-wide health audit pipeline that fans out to all analysis skills in parallel, evaluates findings, and produces a unified report at .turbo/audit.md. Use when the user asks to \"audit the project\", \"run a full audit\", \"project health check\", \"audit my code\", \"codebase audit\", or \"comprehensive review\"."},"skills_sh_url":"https://skills.sh/tobihagemann/turbo/audit"},"updatedAt":"2026-04-22T06:54:07.431Z"}}