Auditing Context
Automatically load active audit session data when the user is working in the context of a runtime audit.
When to Use
Invoke this skill when the user:
- •Is working on code that has pending audit injections
- •Asks about audit findings or captured data
- •Discusses runtime behavior verification
- •References "the audit" or a specific audit ID
- •Is making changes to audited code paths
- •Asks about injected logs or cleanup status
Instructions
Step 1: Check for Active Audits
Read docs/audits/registry.json to find active audit sessions.
json
{
"audits": [
{
"id": "auth-flow-001",
"status": "in-progress",
"name": "Login Flow Verification"
}
]
}
Filter for audits with status: "in-progress".
Step 2: Load Active Audit Context
For relevant audits, read:
code
docs/audits/[audit-id]/ ├── session.json # Current phase, target description, questions ├── injections.json # Active injections in code └── report.md # Findings (if analysis complete)
Step 3: Check for Injected Code
If there are active injections:
- •Read
injections.jsonto understand what's currently injected - •Be aware of which files have audit instrumentation
- •Warn user if they're editing files with active injections
Step 4: Use Context Naturally
Reference context when responding:
- •If injections are active: Remind user of cleanup requirements
- •If discussing audited code: Reference what was verified
- •If editing audited files: Note any pending injections in that file
- •If asking about findings: Reference the audit report
Context Awareness Scenarios
User Editing Injected File
code
Note: This file has active audit injections at lines 42, 67. Consider running cleanup before making significant changes, or be careful not to modify the AUDIT-INJECTED lines.
User Asking About Behavior
code
The audit "auth-flow-001" verified this behavior: - Credentials ARE validated before database query (confirmed) - Session IS created after successful auth (confirmed) Evidence captured in the audit report.
User Forgot About Active Audit
code
Reminder: There's an active audit "auth-flow-001" with injections in src/auth/login.ts. Status: awaiting runtime capture. Would you like to: 1. Continue the audit capture 2. Run cleanup to remove injections
Integration Notes
This skill works with:
- •
/feature-auditcommand - Provides context during audit workflow - •
/feature-troubleshootcommand - Can reference audit findings - •
runtime-auditoragent - Shares context with audit operations
Example
User: "Why is there a console.log in the login function?"
Response (after silently loading context):
code
That's an audit injection from the active "auth-flow-001" audit. It was added to capture the user object at login entry. The audit is currently in the "runtime-capture" phase, waiting for you to trigger the login flow and capture the output. You can: 1. Run the process to capture the logs 2. Run `/feature-audit` to continue the workflow 3. Jump to cleanup if you want to remove the injections
Warning Triggers
Alert the user when:
- •Editing injected files: "This file has active audit injections"
- •Long-running audit: "Audit started [X hours ago], injections still active"
- •Incomplete cleanup: "Audit marked complete but injections may remain"
- •Multiple active audits: "Multiple audits active - specify which one"
Status Interpretation
| Session Status | Meaning |
|---|---|
in-progress | Audit active, may have injections |
awaiting-capture | Injections present, waiting for runtime |
analyzing | Captured data being processed |
completed | Audit finished, should be cleaned up |
Always check injections.json for actual injection state regardless of session status.