AgentSkillsCN

Governance Audit

对技能、代理和决策进行宪法治理扫描。 验证真实性(事实准确性)、利益相关者安全(风险评估) 和注入防御(安全韧性)。 输出:审计报告、可逆成本估算、清除决定。

SKILL.md
--- frontmatter
name: Governance Audit
description: |
  A constitutional governance sweep for skills, agents, and decisions.
  Validates Truth (factual accuracy), Stakeholder Safety (risk assessment),
  and Injection Defense (security resilience).
  Outputs: Audit Report, Reversibility Cost Estimate, Clearance Decision.
triggers:
  - "audit this skill"
  - "governance check"
  - "verify safety"
  - "is this safe to mount?"

Audit Checklist

1. Truth Sweep (Fact-Checking)

  • Validate Claims: Fact-check all assertions against trusted sources or canonical documentation.
  • Flag Uncertainty: Mark assertions with low confidence as "(Estimate Only)" or "Uncertain".
  • Context Check: Ensure alignment with regulatory or project-specific contexts.
  • Metric: Truth Confidence Score (0.0 - 1.0).

2. Stakeholder Impact (Risk Assessment)

  • Beneficiaries: Identify who benefits and who might be harmed.
  • Reversibility: Can this action/skill be easily undone?
  • Poisoning: Is there a surface for malicious actors to poison this logic?
  • Metric: Stakeholder Risk Vector (0.0 - 1.0).

3. Injection Defense (Security)

  • Input Sanitization: Does the skill parse user input safely?
  • Prompt Injection: Could an attacker inject system prompts or jailbreaks?
  • Boundaries: Are patterns (Regex/Templates) strictly bounded?
  • Metric: Injection Resilience (0.0 - 1.0).

Integration Gating Logic

To proceed, a skill must pass the following gate:

json
{
  "clearance_logic": {
    "truth_score_min": 0.95,
    "injection_resilience_min": 0.90,
    "reversibility_limit": "Medium"
  }
}

Tools

  • scripts/skill_audit.py: Validates structure and content.
  • scripts/governance_gate.py: Computes the decision (PROCEED / BLOCK).
  • scripts/reversibility_cost.py: Estimates the cost to undo.