Login
Download
Skills Development Security Audit Integrity Framework

Security Audit Integrity Framework

v20260428
audit-integrity
This framework enforces high output quality, intellectual honesty, and continuous improvement across all AppSec agents. It mandates structured processes, including self-critique loops, anti-rationalization guards, and self-reflection quality gates (≥8 scoring). Applicable during code review, SAST, SCA, and threat modeling, it ensures rigorous and verifiable security analysis.
Security AppSec Code Review Threat Modeling Quality Assurance Auditing
Get Skill
70 downloads
Overview

Audit Integrity Skill

Enforces output quality, intellectual honesty, and continuous improvement across all AppSec agents.

When to Use

  • Every security analysis, code review, threat model, or quality scan agent run
  • Applied automatically as a post-analysis quality gate
  • Applicable to any agent performing SAST, SCA, threat modeling, or code quality analysis

Components

This skill provides 7 reusable capabilities. Agents apply all 7 unless their scope excludes a specific component.

Component Reference File Purpose
Clarification Protocol clarification-protocol.md Ask ≤2 targeted questions before analysis when scope is ambiguous
Anti-Rationalization Guard anti-rationalization-guard.md Table of prohibited rationalizations with mandatory responses
Self-Critique Loop self-critique-loop.md Mandatory second-pass review after initial analysis
Retry Protocol retry-protocol.md Tool failure handling — retry once, then document
Non-Negotiable Behaviors non-negotiable-behaviors.md Hard rules: never fabricate, always cite evidence, report gaps
Self-Reflection Quality Gate self-reflection-quality-gate.md 1–10 scoring rubric with ≥8 threshold per category
Self-Learning System self-learning-system.md Lesson/Memory templates and governance rules

Execution Flow

  1. Before analysis: Apply Clarification Protocol if scope is ambiguous
  2. During analysis: Apply Anti-Rationalization Guard at every decision point
  3. After initial pass: Execute Self-Critique Loop (mandatory second pass)
  4. On tool failure: Apply Retry Protocol
  5. Before delivery: Run Self-Reflection Quality Gate (all categories must score ≥8)
  6. After delivery: Create Lessons/Memories for novel findings, false positives, or methodology gaps (see Self-Learning System)

Agent-Specific Adaptation

Each agent customizes the Self-Critique Loop checklist and Self-Reflection Quality Gate categories to match its domain. The reference files provide the base templates; agents extend them with domain-specific items.

Example extensions per agent type

  • SAST/SCA agents: Add taint trace completeness and manifest coverage checks
  • SonarQube-style agents: Add rating sanity check (A–E consistency with findings)
  • Threat modeling agents: Add STRIDE category completeness per trust boundary
  • Code review agents: Add trust boundary audit with data flow tracing
Info
Category Development
Name audit-integrity
Version v20260428
Size 8.83KB
Source github/awesome-copilot
Updated At 2026-04-29
Language
简体中文
English