Skill

audit

From forge

Run comprehensive quality, security, and completeness audit on current work. User-invoked only: do not auto-trigger.

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/forge:audit

User invocable

Model invocation disabled

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Run a comprehensive cross-cutting audit of the current workspace against the active plan. Dispatches three specialist agents in parallel (`quality-auditor`, `security-sentinel`, `integration-verifier`), compiles their findings into a single report, and writes the report to `.forge/evidence/verification/audit-report.md`. User-invoked only: do not auto-trigger.

SKILL.md

73 lines · ~732 tokens

Stats

LanguageJavaScript

Stars0

MaintenanceExcellent

Last CommitJun 13, 2026

Actions

View Source View Plugin View on GitHub View README

Stats

Actions

Audit

Run a comprehensive cross-cutting audit of the current workspace against the active plan. Dispatches three specialist agents in parallel (quality-auditor, security-sentinel, integration-verifier), compiles their findings into a single report, and writes the report to .forge/evidence/verification/audit-report.md. User-invoked only: do not auto-trigger.

audit is workspace-scale and complements inspect-work, which is per-task. Use audit when the user wants a single report that covers everything currently on the branch. Use inspect-work during per-task review in the Execution phase.

The audit report must show fresh results, not cached ones. Every agent must run against the current working tree. If any agent reports stale or missing input, re-dispatch it or escalate to the user. Never stitch a report together from partial evidence.

Usage

/forge:audit

Process

Read the active plan file and the current phase from .forge/forge-state.json.
Dispatch three agents in parallel:
- quality-auditor: review all changed files against the plan's tasks and the spec.
- security-sentinel: OWASP-aware vulnerability scan on the diff.
- integration-verifier: run the full test suite and build; capture the output.
Wait for all three to return. If any returned BLOCKED or NEEDS_CONTEXT, resolve and re-dispatch.
Compile a single report with a PASS/FAIL verdict per category and a consolidated list of findings grouped by severity (Critical / Important / Suggestion).
Write the report to .forge/evidence/verification/audit-report.md.
Present the verdict and top findings to the user.

Report Format

# Forge Audit Report — <iso timestamp>

## Verdicts
- Quality:     PASS | FAIL
- Security:    PASS | FAIL
- Integration: PASS | FAIL

## Critical
<items>

## Important
<items>

## Suggestions
<items>

## Evidence
- Quality findings: <path>
- Security findings: <path>
- Integration log:   <path>

Evidence

.forge/evidence/verification/audit-report.md exists and is fresh.
The session transcript shows all three agent invocations and their raw outputs.

Transitions

None. audit returns control to the user with a report. The user decides whether to fix findings, run /forge:advance, or take other action.

Anti-Patterns

Sequential dispatch when parallel is possible: Quality, security, and integration are independent. Dispatch in parallel.
Summarizing without a file: The report must be written to disk. A chat-only summary is not evidence.
Rerunning without re-verifying: If the user runs /forge:audit twice in one session, run the agents again. Do not reuse the prior report.

audit

Invocation

Context Preview

SKILL.md

audit

Invocation

Context Preview

SKILL.md

Audit

Usage

Process

Report Format

Evidence

Transitions

Anti-Patterns

Similar Skills

Audit

Usage

Process

Report Format

Evidence

Transitions

Anti-Patterns

Similar Skills