Awesome/awesome-copilot
1
0
Fork 0
mirror of https://github.com/github/awesome-copilot.git synced 2026-04-30 12:15:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6446c1aa62eddedb4535ae48df3efc9d66f38c77
awesome-copilot/skills/audit-integrity/SKILL.md
Vijay Bandi ba16533333 feat: add SAST/SCA Security Analyzer agent and audit-integrity skill (#1458) 
Co-authored-by: Vijay Bandi <vijay.bandi@hp.com>
2026-04-28 11:46:05 +10:00

3.3 KiB
Raw Blame History

name, description, compatibility, metadata
name description compatibility metadata
audit-integrity Shared audit integrity framework for all AppSec agents — enforces output quality, intellectual honesty, and continuous improvement through anti-rationalization guards, self-critique loops, retry protocols, non-negotiable behaviors, self-reflection quality gates (1-10 scoring, ≥8 threshold), and a self-learning system with lesson/memory governance for security analysis agents. Cross-platform. Works with any language or framework analyzed by AppSec agents.
version
1.0

Audit Integrity Skill

Enforces output quality, intellectual honesty, and continuous improvement across all AppSec agents.

When to Use

  • Every security analysis, code review, threat model, or quality scan agent run
  • Applied automatically as a post-analysis quality gate
  • Applicable to any agent performing SAST, SCA, threat modeling, or code quality analysis

Components

This skill provides 7 reusable capabilities. Agents apply all 7 unless their scope excludes a specific component.

Component Reference File Purpose
Clarification Protocol clarification-protocol.md Ask ≤2 targeted questions before analysis when scope is ambiguous
Anti-Rationalization Guard anti-rationalization-guard.md Table of prohibited rationalizations with mandatory responses
Self-Critique Loop self-critique-loop.md Mandatory second-pass review after initial analysis
Retry Protocol retry-protocol.md Tool failure handling — retry once, then document
Non-Negotiable Behaviors non-negotiable-behaviors.md Hard rules: never fabricate, always cite evidence, report gaps
Self-Reflection Quality Gate self-reflection-quality-gate.md 110 scoring rubric with ≥8 threshold per category
Self-Learning System self-learning-system.md Lesson/Memory templates and governance rules

Execution Flow

  1. Before analysis: Apply Clarification Protocol if scope is ambiguous
  2. During analysis: Apply Anti-Rationalization Guard at every decision point
  3. After initial pass: Execute Self-Critique Loop (mandatory second pass)
  4. On tool failure: Apply Retry Protocol
  5. Before delivery: Run Self-Reflection Quality Gate (all categories must score ≥8)
  6. After delivery: Create Lessons/Memories for novel findings, false positives, or methodology gaps (see Self-Learning System)

Agent-Specific Adaptation

Each agent customizes the Self-Critique Loop checklist and Self-Reflection Quality Gate categories to match its domain. The reference files provide the base templates; agents extend them with domain-specific items.

Example extensions per agent type

  • SAST/SCA agents: Add taint trace completeness and manifest coverage checks
  • SonarQube-style agents: Add rating sanity check (AE consistency with findings)
  • Threat modeling agents: Add STRIDE category completeness per trust boundary
  • Code review agents: Add trust boundary audit with data flow tracing
Reference in New Issue View Git Blame Copy Permalink