What does the Project Workflow Auditor Agent do?

It performs a deep audit of your codebase, configurations, and workflows to ensure security, compliance with project standards, and overall release readiness.

What specific files does it check for compliance?

It audits adherence to documentation such as AGENTS.md, CONTRIBUTING.md, and SECURITY.md to ensure the project follows its own defined governance rules.

Can it help with GitHub Actions security?

Yes, one of its primary functions is reviewing CI/CD workflows for safety, best practices, and consistency across the repository.

What is the output of this skill?

The skill generates a Project & Workflow Audit Report which includes a list of prioritized, actionable tasks with specific acceptance criteria for remediation.

How does it handle sensitive information like secrets?

The agent is designed to be security-conscious; it uses filename-only search patterns to identify potential secret leaks without printing the actual sensitive data to the logs.

Project Workflow Auditor

Name: Project Workflow Auditor
Author: koala-man-64

bykoala-man-64

Security & Testing

Audits repositories for security vulnerabilities, CI/CD safety, and compliance with engineering standards to ensure production readiness.

About

The Project Workflow Auditor Agent provides a comprehensive governance layer for your software development lifecycle by systematically reviewing repository security, CI/CD workflow safety, and adherence to internal documentation. It automates the identification of inconsistencies across code, configurations, and docs, helping teams enforce engineering guardrails and prepare for stable releases. By utilizing specialized scripts and checklists, the skill produces prioritized, actionable work items that ensure your project meets rigorous delivery standards and governance requirements.

Key Features

Comprehensive repo-wide security and governance audits
CI/CD workflow and SDLC compliance verification
Validation of AGENTS.md and CONTRIBUTING.md adherence
Prioritized reporting with clear acceptance criteria
0 GitHub stars
Automated evidence collection via project snapshots

Use Cases

Reviewing GitHub Actions workflows for security and safety
Enforcing engineering guardrails across a development team
Preparing a repository for a major production release

About

Key Features

Comprehensive repo-wide security and governance audits
CI/CD workflow and SDLC compliance verification
Validation of AGENTS.md and CONTRIBUTING.md adherence
Prioritized reporting with clear acceptance criteria
0 GitHub stars
Automated evidence collection via project snapshots

Use Cases

Reviewing GitHub Actions workflows for security and safety
Enforcing engineering guardrails across a development team
Preparing a repository for a major production release