{"id":"0d2de1e7-7319-4010-b4c2-cbf44a98cb3b","shortId":"XHHgzC","kind":"skill","title":"audit-integrity","tagline":"Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization guards, self-critique loops, retry protocols, non-negotiable behaviors, self-reflection quality gates (1-10 scoring, ≥8 ","description":"# Audit Integrity Skill\n\nEnforces output quality, intellectual honesty, and continuous improvement across all AppSec agents.\n\n## When to Use\n\n- Every security analysis, code review, threat model, or quality scan agent run\n- Applied automatically as a post-analysis quality gate\n- Applicable to any agent performing SAST, SCA, threat modeling, or code quality analysis\n\n## Components\n\nThis skill provides 7 reusable capabilities. Agents apply all 7 unless their scope excludes a specific component.\n\n| Component | Reference File | Purpose |\n|-----------|---------------|---------|\n| Clarification Protocol | [clarification-protocol.md](references/clarification-protocol.md) | Ask ≤2 targeted questions before analysis when scope is ambiguous |\n| Anti-Rationalization Guard | [anti-rationalization-guard.md](references/anti-rationalization-guard.md) | Table of prohibited rationalizations with mandatory responses |\n| Self-Critique Loop | [self-critique-loop.md](references/self-critique-loop.md) | Mandatory second-pass review after initial analysis |\n| Retry Protocol | [retry-protocol.md](references/retry-protocol.md) | Tool failure handling — retry once, then document |\n| Non-Negotiable Behaviors | [non-negotiable-behaviors.md](references/non-negotiable-behaviors.md) | Hard rules: never fabricate, always cite evidence, report gaps |\n| Self-Reflection Quality Gate | [self-reflection-quality-gate.md](references/self-reflection-quality-gate.md) | 1–10 scoring rubric with ≥8 threshold per category |\n| Self-Learning System | 
[self-learning-system.md](references/self-learning-system.md) | Lesson/Memory templates and governance rules |\n\n## Execution Flow\n\n1. **Before analysis**: Apply Clarification Protocol if scope is ambiguous\n2. **During analysis**: Apply Anti-Rationalization Guard at every decision point\n3. **After initial pass**: Execute Self-Critique Loop (mandatory second pass)\n4. **On tool failure**: Apply Retry Protocol\n5. **Before delivery**: Run Self-Reflection Quality Gate (all categories must score ≥8)\n6. **After delivery**: Create Lessons/Memories for novel findings, false positives, or methodology gaps (see Self-Learning System)\n\n## Agent-Specific Adaptation\n\nEach agent customizes the **Self-Critique Loop** checklist and **Self-Reflection Quality Gate** categories to match its domain. The reference files provide the base templates; agents extend them with domain-specific items.\n\n### Example extensions per agent type\n- **SAST/SCA agents**: Add taint trace completeness and manifest coverage checks\n- **SonarQube-style agents**: Add rating sanity check (A–E consistency with findings)\n- **Threat modeling agents**: Add STRIDE category completeness per trust boundary\n- **Code review agents**: Add trust boundary audit with data flow tracing","tags":["audit","integrity","awesome","copilot","github","agent-skills","agents","custom-agents","github-copilot","hacktoberfest","prompt-engineering"],"capabilities":["skill","source-github","skill-audit-integrity","topic-agent-skills","topic-agents","topic-awesome","topic-custom-agents","topic-github-copilot","topic-hacktoberfest","topic-prompt-engineering"],"categories":["awesome-copilot"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/github/awesome-copilot/audit-integrity","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add 
github/awesome-copilot","source_repo":"https://github.com/github/awesome-copilot","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 33270 github stars · SKILL.md body (2,775 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:52:05.337Z","embedding":null,"createdAt":"2026-04-28T06:51:55.956Z","updatedAt":"2026-05-18T18:52:05.337Z","lastSeenAt":"2026-05-18T18:52:05.337Z","prices":[{"id":"457196da-705e-4cca-aeda-9f7c97f99091","listingId":"0d2de1e7-7319-4010-b4c2-cbf44a98cb3b","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"github","category":"awesome-copilot","install_from":"skills.sh"},"createdAt":"2026-04-28T06:51:55.956Z"}],"sources":[{"listingId":"0d2de1e7-7319-4010-b4c2-cbf44a98cb3b","source":"github","sourceId":"github/awesome-copilot/audit-integrity","sourceUrl":"https://github.com/github/awesome-copilot/tree/main/skills/audit-integrity","isPrimary":false,"firstSeenAt":"2026-04-28T06:51:55.956Z","lastSeenAt":"2026-05-18T18:52:05.337Z"}],"details":{"listingId":"0d2de1e7-7319-4010-b4c2-cbf44a98cb3b","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"github","slug":"audit-integrity","github":{"repo":"github/awesome-copilot","stars":33270,"topics":["agent-skills","agents","ai","awesome","custom-agents","github-copilot","hacktoberfest","prompt-engineering"],"license":"mit","html_url":"https://github.com/github/awesome-copilot","pushed_at":"2026-05-18T01:26:59Z","description":"Community-contributed instructions, agents, skills, and configurations to help you make the most of GitHub Copilot.","skill_md_sha":"17ce0466be27e318f84ec441767306013a63dc3b","skill_md_path":"skills/audit-integrity/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/github/awesome-copilot/tree/main/skills/audit-integrity"},"layout":"multi","source":"github","category":"awesome-copilot","frontmatter":{"name":"audit-integrity","description":"Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization guards, self-critique loops, retry protocols, non-negotiable behaviors, 
self-reflection quality gates (1-10 scoring, ≥8 threshold), and a self-learning system with lesson/memory governance for security analysis agents.","compatibility":"Cross-platform. Works with any language or framework analyzed by AppSec agents."},"skills_sh_url":"https://skills.sh/github/awesome-copilot/audit-integrity"},"updatedAt":"2026-05-18T18:52:05.337Z"}}