From greenfield
Audits sanitized specs for structural leakage, content contamination, and behavioral completeness using three parallel LLM-based reviewers. Run after sanitization, before implementation handoff.
How this skill is triggered — by the user, by Claude, or both
Slash command
/greenfield:second-pass-reviewThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Sanitization is necessary but insufficient. The author of a sanitized spec can't reliably catch their own leaks — the same assumptions that let implementation details slip in during the rewrite also let them slip past a self-review. A fresh read, with no access to the raw analysis, catches drift the author missed.
Sanitization is necessary but insufficient. The author of a sanitized spec can't reliably catch their own leaks — the same assumptions that let implementation details slip in during the rewrite also let them slip past a self-review. A fresh read, with no access to the raw analysis, catches drift the author missed.
Sanitization alone misses contamination in predictable categories:
Root causes:
digraph audit_pipeline {
rankdir=TB;
compound=true;
"Layer 5 sanitization complete" [shape=doublecircle];
"Audit PASS — proceed to implementation" [shape=doublecircle];
"STOP: Audit failed after 3 remediation attempts" [shape=octagon, style=filled, fillcolor=red, fontcolor=white];
subgraph cluster_specialist {
label="Parallel Specialist Reviewers (read every file, apply semantic checklists)";
style=dashed;
"structural-leakage-reviewer" [shape=box];
"content-contamination-reviewer" [shape=box];
"behavioral-completeness-reviewer" [shape=box];
}
subgraph cluster_generalist {
label="Parallel Deep-Read Generalists (4-5 files each, full contextual judgment)";
style=dashed;
"deep-read-auditor-1" [shape=box];
"deep-read-auditor-2" [shape=box];
"deep-read-auditor-N" [shape=box];
}
"Merge all audit reports" [shape=box];
"Any FAIL?" [shape=diamond];
"Dispatch targeted fix agents" [shape=box];
"Re-audit failing files" [shape=box];
"Attempts < 3?" [shape=diamond];
"Layer 5 sanitization complete" -> "structural-leakage-reviewer";
"Layer 5 sanitization complete" -> "content-contamination-reviewer";
"Layer 5 sanitization complete" -> "behavioral-completeness-reviewer";
"Layer 5 sanitization complete" -> "deep-read-auditor-1";
"Layer 5 sanitization complete" -> "deep-read-auditor-2";
"Layer 5 sanitization complete" -> "deep-read-auditor-N";
"structural-leakage-reviewer" -> "Merge all audit reports";
"content-contamination-reviewer" -> "Merge all audit reports";
"behavioral-completeness-reviewer" -> "Merge all audit reports";
"deep-read-auditor-1" -> "Merge all audit reports";
"deep-read-auditor-2" -> "Merge all audit reports";
"deep-read-auditor-N" -> "Merge all audit reports";
"Merge all audit reports" -> "Any FAIL?";
"Any FAIL?" -> "Audit PASS — proceed to implementation" [label="all PASS"];
"Any FAIL?" -> "Dispatch targeted fix agents" [label="any FAIL"];
"Dispatch targeted fix agents" -> "Re-audit failing files";
"Re-audit failing files" -> "Attempts < 3?";
"Attempts < 3?" -> "structural-leakage-reviewer" [label="yes"];
"Attempts < 3?" -> "STOP: Audit failed after 3 remediation attempts" [label="no"];
}
workspace/output/ — auditors check what reached the output without cross-referencing the raw analysisworkspace/raw/audit/ alongside other analysis artifactsworkspace/output/audit/ so downstream consumers see review outcomesPattern matching is fundamentally the wrong tool for contamination detection. It produces both false positives and false negatives at rates that make it unreliable as a primary mechanism.
False positives are pervasive. Patterns that detect minified identifiers also match regex character classes, priority levels (P0, P1), and standard technology names. Patterns for code structure language match natural English ("cannot function without"). Patterns for module counts match legitimate behavioral quantities ("supports 3 output formats"). An auditor drowning in false positives either wastes time on noise or starts ignoring real findings.
Contextual contamination is invisible to patterns. No regex can detect:
Semantic judgment catches everything patterns miss. The core test is simple: "Would an implementor encounter this exact string without seeing the source code?" An LLM can apply this test to every identifier, name, and reference in a spec, using contextual understanding that patterns lack. This catches minified symbols, internal function names, vendor-specific flags, and structural leakage — all with a single semantic criterion rather than a brittle pattern library.
All auditors — specialist reviewers and deep-read generalists — are LLM agents that read files end-to-end and apply semantic judgment. There is no grep triage phase.
Three parallel agents (structural-leakage-reviewer, content-contamination-reviewer, behavioral-completeness-reviewer) each read every file in workspace/output/specs/ and apply their category-specific checklists. See the role sections below for their checklists.
Each specialist reviewer:
workspace/output/specs/ end-to-endIn parallel with the specialists, dispatch deep-read auditor agents (one per 4-5 domain files) with this prompt template:
Role: deep-read auditor
Skill: second-pass-review
Read each of these files END TO END:
- workspace/output/specs/domains/<file1>.md
- workspace/output/specs/domains/<file2>.md
- ...
## The Test
For every identifier, name, or reference in the spec, ask:
**"Would an implementor encounter this exact string without seeing the source code?"**
If YES (it's in official docs, CLI help, config schemas, API specs, protocol standards) → CLEAN.
If NO (it came from reading the source code, observing internal state, or reverse engineering) → CONTAMINATION.
This test catches everything: minified gibberish, internal function names, internal feature flags, internal telemetry events, source file paths, and line numbers. No pattern list needed — just judgment.
## Common traps
- **Descriptive camelCase**: `shouldRetryOnTimeout` looks like English but it's an internal variable name. A different developer would call it something else. CONTAMINATION.
- **Feature flags with vendor prefixes**: vendor-prefixed flags (e.g., `<vendor>_experiment_*`, `ff_<scope>_*`) — these are internal, not user-facing. CONTAMINATION.
- **Telemetry event names**: `request_rate_limited`, `worker_shutdown_initiated` — internal analytics. CONTAMINATION.
- **Config property names that look behavioral**: `strictSchemaValidation` — is this the actual config key users write, or an internal state property? Check the config schema spec to verify.
## What is NOT contamination
- Environment variables users set: `DATABASE_URL`, `CACHE_DISABLE_TTL`
- CLI flags: `--format`, `--workers`, `--follow`
- Config file keys users type: `upstreams`, `log_level`, `read_timeout`
- API/protocol field names: `Retry-After`, `Content-Type`, `Authorization`
- Public library/tool names: `jq`, `ffmpeg`, `pandoc`
- Standard tech names: `OAuth`, `PKCE`, `TLS`, `JWT`
- IDE names: `PyCharm`, `GoLand`, `VSCode`
For each file, report:
1. PASS or FAIL
2. If FAIL: exact line numbers and the contaminating text
3. Brief explanation of why it's contamination (applying the test above)
Write findings to workspace/raw/audit/deep-read-<batch>.md
For each file that failed any audit (specialist or generalist), dispatch a fix agent:
Role: contamination fixer
Skill: spec-sanitization (contamination taxonomy + rewrite patterns)
Read workspace/output/specs/domains/<file>.md
The audit found these specific issues:
[paste exact findings with line numbers]
Fix ONLY the identified issues. Do NOT rewrite clean content.
For each fix, apply the appropriate rewrite pattern:
- Minified IDs → remove or describe the behavior
- Line numbers → remove the "line NNN" reference, keep the behavioral content
- Module names → replace with behavioral domain description
- Feature flags → "a feature gate controlling [behavior]"
- Part N: headers → behavioral domain name
Write the corrected file back to the same path.
After all fixes, re-run audit (specialists + deep-read) on previously-failing files. Repeat up to 3 times.
Checks whether the organizational structure of workspace/output/ leaks the original's internal module decomposition.
Why this matters: output specs describe behavior, not the original's architecture. An implementer anchored to the original's module structure will reproduce its design — even when a different decomposition would be better for the new implementation. Module counts, inter-module tables, and domain-to-module mappings all encode architectural decisions that should be the implementer's to make fresh.
Read every file in workspace/output/specs/ end-to-end. For each file, check all 8 categories. Apply the core test: "Would an implementor encounter this exact string without seeing the source code?"
Scan all #, ##, ### headers. Flag any header that contains a source module name, internal component name, or internal package name rather than a behavioral domain description.
A header like "Session Management" is behavioral (PASS). A header like "Fx3 Module" or "Part 3: CacheManager" is structural leakage (FAIL).
The Part N: numbering pattern reveals the original module decomposition count and ordering. Any Part N: header is FAIL. Clean specs use behavioral domain names, not numbered parts.
Any reference to a specific count of modules, components, or source files reveals the internal decomposition. FAIL unless the count refers to a user-facing concept (e.g., "supports 3 output formats").
Section headings or content that reference module-to-module relationships (e.g., "cross-module", "inter-module", "module boundary", "module interface", "module dependency"). All are FAIL. Clean specs describe behavioral integration, not module interfaces.
Internal module identifiers from the analysis module map. Any MOD-NNN reference is FAIL.
Tables showing which module consumes which module's interface. Look for language like "consumes", "consumed by", "provides to", "depends on module", "module provides".
"Depends on the API key being set" is behavioral (PASS). "Depends on AuthModule" is structural (FAIL).
Any text that maps a behavioral domain back to its source module(s). Look for language like "from module", "source module", "originally in", "derived from module", "mapped from". All are FAIL.
Any reference to workspace/raw/ or files within it. All are FAIL.
Write detailed report to workspace/raw/audit/structural-leakage.md:
Write summary to workspace/output/audit/structural-summary.md:
Checks whether implementation-specific content from the original source survives in workspace/output/.
Read every file in workspace/output/specs/ end-to-end. For each file, check all 12 categories. Apply the core test: "Would an implementor encounter this exact string without seeing the source code?"
Short alphanumeric tokens that are artifacts of minification or bundling (e.g., Ab2, sp, r0, Fx3, Qz). Look for 2-3 character tokens that have no English meaning and appear in code-like or identifier-like contexts.
Two-letter abbreviations like "UI", "IO", "ID" are OK. Behavioral acronyms like "API", "CLI", "SDK" are OK. If the token has no English meaning, it's contamination.
References to specific source code line numbers (e.g., "line 42", "L157", ":234:"). FAIL unless referencing a user-facing output (e.g., "error reported at line 5 of the config file").
Internal source file paths, import paths, or bundle chunk references. Look for paths containing src/, lib/, dist/, package manager directories, source file extensions in path context, or bundle chunk references (e.g., chunk-042).
FAIL for all internal paths. Clean specs reference user-facing paths only (e.g., ~/.config/app/settings.json).
Named functions, classes, or methods from the source code. Look for camelCase identifiers that look like function/method names (e.g., parseArgs(), serializeResponse()), and PascalCase identifiers that look like class names (e.g., JobRunner, QueueHandler).
Well-known compound words like "JavaScript", "TypeScript", "WebSocket" are legitimate (PASS). Internal names that a different developer would name differently are contamination (FAIL).
Phrases that describe internal code organization rather than observable behavior. Look for text that names specific functions, classes, or methods and describes calling relationships between them.
"Calls the API endpoint" is behavioral (PASS). "Calls parseArgs() which returns..." is code structure (FAIL).
Internal inter-process communication channel identifiers. Look for IPC-prefixed names, channel string literals, or message-passing identifiers that are internal to the implementation.
Rewrite guidance: Replace with "internal messaging mechanism" or describe the behavioral outcome instead.
Internal state management property names — selectors, store accessors, or state library-specific patterns. Look for references to specific state management libraries or their API patterns.
Rewrite guidance: Replace with behavioral descriptions of the managed state (e.g., "session state data", "user preferences store").
Internal feature flag identifiers and telemetry/analytics event names. These are NOT user-facing — they are internal implementation identifiers that happen to be strings rather than minified symbols. Look for:
FF_*, FEATURE_*, vendor-prefixed flags)<vendor>_experiment_*, ff_<scope>_*), experiment_*)The test is: does a user type this? If the user never sees or configures this string, it is an internal identifier and MUST be generalized.
Rewrite guidance: Replace flag names with "a feature gate controlling [behavioral description]". Replace telemetry event names with "a telemetry event recording [what is measured]".
Internal styling class names or module identifiers (CSS classes, BEM naming, styled-component references, styling module paths). FAIL for all. Clean specs describe visual behavior, not styling implementation.
Internal database table names, column names, migration identifiers, or storage API references. Look for SQL statements, database file extensions, migration identifiers, or client-side storage API calls.
Rewrite guidance: Replace with behavioral data persistence descriptions (e.g., "persists session data locally").
External system exception: Matches in workspace/output/specs/contracts/ files (database contracts, API contracts, CLI contracts, format contracts) are NOT contamination. External system contracts document interfaces the reimplementation must conform to — the schema/API/CLI details are behavioral constraints, not implementation choices.
Internal application filenames that are not user-facing. Look for filenames with source code extensions that name internal implementation files rather than user-facing configuration or output files.
User-facing filenames (e.g., config.json, settings.yaml) are PASS. Internal source files (e.g., auth-handler.py, session-manager.go) are FAIL.
Specific selector or accessor patterns from state management libraries (e.g., selectUserState, useSessionStore, getAuthState). FAIL unless describing a user-facing API.
Write detailed report to workspace/raw/audit/content-contamination.md:
Write summary to workspace/output/audit/content-summary.md:
Checks that sanitization preserved all behavioral information. This is the "did we throw the baby out with the bathwater?" check.
Read every file in workspace/output/specs/ end-to-end. For each file, assess behavioral completeness across all 9 categories. The question here is not "is this contaminated?" but "is critical behavioral information missing?"
Count unique SPEC IDs across all output specs. Compare against the SPEC ID index (if one exists in output/). Flag any SPEC IDs that appear in the raw sanitization report but not in output. FAIL if count is significantly lower than expected.
Every stateful behavioral domain should have state machine documentation (states, transitions, triggers). Look for state machine descriptions, state diagrams, transition tables. FAIL if zero across all specs (unless all domains are genuinely stateless).
Specs must document error conditions with equal depth to normal operations. Look for error condition descriptions, failure modes, error responses. FAIL if no error handling documentation exists.
Every spec should document boundary conditions. Look for edge case descriptions, boundary conditions, corner cases, special cases. FAIL if none are documented.
Behavioral branching logic must be documented. Look for decision trees, conditional logic descriptions, branching behavior. FAIL if no branching logic is documented.
Acceptance criteria should reference SPEC IDs they verify. Check workspace/output/validation/ for acceptance criteria with SPEC ID references. FAIL if zero acceptance criteria exist.
Test vectors should exist in workspace/output/test-vectors/ and contain concrete input/output pairs. FAIL if zero test vector files or zero concrete pairs.
Named constants, magic numbers, timeout values, and limits should survive sanitization. Look for numeric values with units (ms, seconds, bytes, KB, MB), and named constants (MAX, MIN, DEFAULT, LIMIT, TIMEOUT, THRESHOLD). Low count may indicate constants were stripped during sanitization.
Every behavioral claim should have MUST/SHOULD/MAY annotation (RFC 2119 language). FAIL if zero requirement-level keywords exist.
Write detailed report to workspace/raw/audit/behavioral-completeness.md:
Write summary to workspace/output/audit/completeness-summary.md:
When any audit role or deep-read agent reports FAIL:
For each affected file, dispatch greenfield:analyzer:
Role: contamination fixer
Skill: spec-sanitization
Read workspace/output/specs/domains/<file>.md
The audit found these specific issues:
- Line [N]: [exact finding and category]
- Line [M]: [exact finding and category]
Fix ONLY the identified issues. For each:
1. Read the surrounding context (5 lines before/after)
2. Determine if this is real contamination or false positive
3. If real: apply the matching rewrite pattern from the skill
4. If false positive: leave unchanged
Write the corrected file back to the same path.
workspace/
├── raw/
│ └── audit/ # Detailed reports WITH evidence (stays in raw)
│ ├── structural-leakage.md
│ ├── content-contamination.md
│ └── behavioral-completeness.md
└── output/
└── audit/ # Summaries (outcomes only)
├── structural-summary.md
├── content-summary.md
└── completeness-summary.md
workspace/output/workspace/output/workspace/output/workspace/raw/audit/workspace/output/audit/ (outcomes only)review-complete git tag appliednpx claudepluginhub earchibald/prime-radiant-marketplace --plugin greenfield2plugins reuse this skill
First indexed Jul 8, 2026
Sanitizes analysis specs by removing implementation details and rewriting from behavioral understanding while preserving provenance metadata. Run after analysis, before implementation.
Audits design artifact alignment across a project, detecting drift between ADRs and specs. Use for architecture audits, drift reports, or spec compliance reviews.
Reviews spec.md files for completeness, clarity, implementability, testability, and structure. Identifies ambiguities, gaps, and missing sections before implementation.