Skill

audit

Run comprehensive quality, security, and completeness audit on current work. User-invoked only: do not auto-trigger.

npx claudepluginhub caseyrtalbot/forge --plugin forge

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Run a comprehensive cross-cutting audit of the current workspace against the active plan. Dispatches three specialist agents in parallel (`quality-auditor`, `security-sentinel`, `integration-verifier`), compiles their findings into a single report, and writes the report to `.forge/evidence/verification/audit-report.md`. User-invoked only: do not auto-trigger.

SKILL.md

Similar Skills

finishing-a-development-branch

174.6k

Verifies tests pass on completed feature branch, presents options to merge locally, create GitHub PR, keep as-is or discard; executes choice and cleans up worktree.

superpowers

systematic-debugging

174.6k

Guides root cause investigation for bugs, test failures, unexpected behavior, performance issues, and build failures before proposing fixes.

10 files

superpowers

writing-plans

174.6k

Writes implementation plans from specs for multi-step tasks, mapping files and breaking into TDD bite-sized steps before coding.

1 file

superpowers

Stats

Stars0

Forks0

Last CommitApr 11, 2026

Actions

View Source View Plugin View on GitHub View README

Audit

Run a comprehensive cross-cutting audit of the current workspace against the active plan. Dispatches three specialist agents in parallel (quality-auditor, security-sentinel, integration-verifier), compiles their findings into a single report, and writes the report to .forge/evidence/verification/audit-report.md. User-invoked only: do not auto-trigger.

audit is workspace-scale and complements inspect-work, which is per-task. Use audit when the user wants a single report that covers everything currently on the branch. Use inspect-work during per-task review in the Execution phase.

The audit report must show fresh results, not cached ones. Every agent must run against the current working tree. If any agent reports stale or missing input, re-dispatch it or escalate to the user. Never stitch a report together from partial evidence.

Usage

/forge:audit

Process

Read the active plan file and the current phase from .forge/forge-state.json.
Dispatch three agents in parallel:
- quality-auditor: review all changed files against the plan's tasks and the spec.
- security-sentinel: OWASP-aware vulnerability scan on the diff.
- integration-verifier: run the full test suite and build; capture the output.
Wait for all three to return. If any returned BLOCKED or NEEDS_CONTEXT, resolve and re-dispatch.
Compile a single report with a PASS/FAIL verdict per category and a consolidated list of findings grouped by severity (Critical / Important / Suggestion).
Write the report to .forge/evidence/verification/audit-report.md.
Present the verdict and top findings to the user.

Report Format

# Forge Audit Report — <iso timestamp>

## Verdicts
- Quality:     PASS | FAIL
- Security:    PASS | FAIL
- Integration: PASS | FAIL

## Critical
<items>

## Important
<items>

## Suggestions
<items>

## Evidence
- Quality findings: <path>
- Security findings: <path>
- Integration log:   <path>

Evidence

.forge/evidence/verification/audit-report.md exists and is fresh.
The session transcript shows all three agent invocations and their raw outputs.

Transitions

None. audit returns control to the user with a report. The user decides whether to fix findings, run /forge:advance, or take other action.

Anti-Patterns

Sequential dispatch when parallel is possible: Quality, security, and integration are independent. Dispatch in parallel.
Summarizing without a file: The report must be written to disk. A chat-only summary is not evidence.
Rerunning without re-verifying: If the user runs /forge:audit twice in one session, run the agents again. Do not reuse the prior report.