mirror of
https://github.com/github/awesome-copilot.git
synced 2026-05-01 04:35:55 +00:00
feat: add SAST/SCA Security Analyzer agent and audit-integrity skill (#1458)
Co-authored-by: Vijay Bandi <vijay.bandi@hp.com>
15
skills/audit-integrity/references/clarification-protocol.md
Normal file
@@ -0,0 +1,15 @@
|
||||
# Clarification Protocol
|
||||
|
||||
Before beginning analysis, pause and ask the user at most **2 targeted questions** when:
|
||||
|
||||
- The system scope, asset boundary, or target module is ambiguous and cannot be inferred from the provided context
|
||||
- A critical trust boundary, privilege tier, or authentication zone is undefined and the analysis would significantly change depending on the interpretation
|
||||
- The business context required for impact prioritization or compliance framework selection is entirely absent
|
||||
- The language or framework cannot be auto-detected from the workspace
|
||||
|
||||
**Rules:**
|
||||
|
||||
1. State your working assumptions explicitly, then proceed
|
||||
2. Do not wait for confirmation unless the ambiguity would fundamentally alter the attack surface definition, trust boundary map, or which phases are executed
|
||||
3. Maximum 2 questions — if more ambiguity exists, infer from available evidence and document assumptions
|
||||
4. If no ambiguity exists, proceed directly without questions
|
||||
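Review bot: The opening sentence and rule 2 disagree on whether the agent blocks. The intro says to "pause and ask" whenever any of the four listed conditions holds, while rule 2 says not to wait for confirmation unless the ambiguity would alter the attack surface definition, trust boundary map, or which phases are executed. The third and fourth conditions (absent business context, language or framework not auto-detected) do not obviously fall under that exception, so it is unclear whether they ever produce a blocking question. Suggest stating for each condition whether it is ask-and-wait or ask-and-proceed. Rules 1 and 3 also require assumptions to be stated and documented but this file does not say where; naming the place (for example a section of the final report) would let a reader of the findings see which results rest on an inferred scope or trust boundary. Rule 3 repeats the "at most 2" limit already given in the intro, so one of the two statements can go.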