Back to Details

full-review

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Full Review: Quad Audit Orchestrator

Full Review:四合一审计编排器

Run four independent audits in parallel and present each report separately. One command that catches bugs, slop, security issues, and stale docs across the entire codebase without invoking each skill manually.
The four audits:
  1. Code Review (
    code-review
    skill) - bugs, logic errors, edge cases, race conditions, resource leaks, convention violations. Uses confidence-based filtering (>= 80%), adversarial self-check, and evidence-based verification.
  2. Slop Check (
    anti-slop
    skill) - machine-generated patterns, over-abstraction, verbose code, stale idioms
  3. Security Audit (
    security-audit
    skill) - vulnerabilities, secrets, dependency risks, OWASP mapping
  4. Docs Sweep (
    update-docs
    skill) - stale docs, bloated instruction files, missing gotchas, broken links, companion-file drift
Each audit runs in its own parallel agent/subprocess with a fresh context window, so they don't compete for tokens or bias each other's findings.
并行运行四项独立审计,并分别呈现每份报告。只需一个命令,即可在整个代码库中捕获bug、冗余代码(slop)、安全问题和过时文档,无需手动调用每个skill。
四项审计内容:
  1. 代码审查
    code-review
    skill)- 检测bug、逻辑错误、边界情况、竞态条件、资源泄漏、规范违规。采用基于置信度的过滤(≥80%)、对抗式自我检查和基于证据的验证机制。
  2. 冗余代码检查
    anti-slop
    skill)- 检测机器生成模式、过度抽象、冗长代码、过时写法
  3. 安全审计
    security-audit
    skill)- 检测漏洞、机密信息、依赖风险、OWASP映射
  4. 文档扫描
    update-docs
    skill)- 检测过时文档、臃肿说明文件、遗漏注意事项、失效链接、配套文件不一致
每项审计都在独立的并行agent/子进程中运行,拥有全新的上下文窗口,因此它们不会竞争令牌或相互影响审计结果。

When to use

使用场景

  • Running a repo-wide quality gate before merge, release, or handoff
  • Auditing an unfamiliar codebase across correctness, security, slop, and docs in one pass
  • Getting a broad review when the user explicitly wants multiple audit lenses at once
  • 在合并、发布或移交前运行全仓库质量把关
  • 一次性对陌生代码库进行正确性、安全性、冗余度和文档多维度审计
  • 用户明确需要多维度审计视角时,获取全面审查结果

When NOT to use

不适用场景

  • A targeted correctness review on specific files - use code-review
  • Style/slop cleanup without the other audit passes - use anti-slop
  • A dedicated security review only - use security-audit
  • A documentation-only maintenance sweep - use update-docs
  • A comprehensive audit across all applicable skills (up to 21) - use deep-audit
  • Auditing the skill collection for consistency or quality - use skill-creator
  • 针对特定文件的定向正确性审查 - 使用code-review
  • 仅进行风格/冗余代码清理,无需其他审计 - 使用anti-slop
  • 仅进行专项安全审查 - 使用security-audit
  • 仅进行文档维护扫描 - 使用update-docs
  • 进行所有适用skill(最多21项)的全面审计 - 使用deep-audit
  • 审计skill集合的一致性或质量 - 使用skill-creator

AI Self-Check

AI自我检查

Run this checklist after all agents return but before presenting the combined report to the user. Do not present results until every item passes.
Verify:
  • All 4 agents dispatched as 
    general-purpose
    type (NOT 
    feature-dev:*
    , 
    code-simplifier:*
    , or other restricted types)
  • Each agent invoked its assigned custom skill (
    code-review
    , 
    anti-slop
    , 
    security-audit
    , 
    update-docs
    ) via the Skill tool
  • Each report presented under its own header, unedited
  • No cross-report merging or editorializing (findings from different audits stay separate)
  • SECURITY-AUDIT.md gitignore reminder included
  • Failed agents noted with reason (don't silently drop a missing audit)
  • Preflight context block was passed to all agents
  • When user specified a scope, the 
    Scope:
    line in every agent's context block reflects that scope (not "full codebase review")
  • Scope held in output: each agent's findings reference only files/modules within the requested scope. If any agent's output references out-of-scope paths, flag it in that report's header (see Step 3 scope verification)
在所有agent返回结果后、向用户呈现合并报告前,运行此检查清单。所有项通过后才能呈现结果。
验证项:
  • 所有4个agent均以
    general-purpose
    类型调度(而非
    feature-dev:*
    code-simplifier:*
    或其他受限类型)
  • 每个agent均通过Skill工具调用了指定的自定义skill(
    code-review
    anti-slop
    security-audit
    update-docs
  • 每份报告都在独立标题下呈现,未做编辑
  • 未进行跨报告合并或编辑(不同审计的发现保持独立)
  • 包含SECURITY-AUDIT.md的gitignore提醒
  • 注明失败agent的原因(不要静默忽略缺失的审计)
  • 预检查上下文块已传递给所有agent
  • 当用户指定范围时,每个agent上下文块中的
    Scope:
    行都反映该范围(而非“full codebase review”)
  • 输出符合范围要求:每个agent的发现仅涉及请求范围内的文件/模块。若任何agent的输出引用了超出范围的路径,需在该报告的标题中标记(见步骤3范围验证)

Workflow

工作流程

Step 0: Preflight

步骤0:预检查

Gather context before dispatching agents. Run these in parallel (guard each with 
; true
so one failure doesn't cancel siblings):
  1. Repo state: 
    git rev-parse --show-toplevel ; true
    and 
    git rev-parse --short HEAD ; true
  2. Branch: 
    git branch --show-current ; true
  3. Language detection: check for manifest files (
    package.json
    , 
    requirements.txt
    , 
    go.mod
    , 
    Cargo.toml
    , 
    pyproject.toml
    , 
    composer.json
    , 
    Gemfile
    , 
    *.tf
    , 
    helmfile.yaml
    )
  4. Repo size estimate: 
    git ls-files | wc -l ; true
If not a git repo (step 1 fails): stop and tell the user. The audits rely on git context (history, blame, diff). Running without it produces low-quality results.
Record preflight values - each subagent prompt uses them. Substitute 
{placeholders}
in the agent prompts below with the actual values from preflight (e.g., replace 
{repo_root}
with the output of 
git rev-parse --show-toplevel
). Default 
{scope}
to "full codebase review - scan everything"; override in Step 1 if the user specifies a narrower target.
调度agent前收集上下文。并行运行以下命令(每个命令后加
; true
,避免单个失败导致其他命令终止):
  1. 仓库状态
    git rev-parse --show-toplevel ; true
    git rev-parse --short HEAD ; true
  2. 分支
    git branch --show-current ; true
  3. 语言检测:检查清单文件(
    package.json
    requirements.txt
    go.mod
    Cargo.toml
    pyproject.toml
    composer.json
    Gemfile
    *.tf
    helmfile.yaml
  4. 仓库大小估算
    git ls-files | wc -l ; true
若不是git仓库(步骤1失败):终止操作并告知用户。审计依赖git上下文(历史记录、blame、diff),无此上下文会导致结果质量低下。
记录预检查值 - 每个子agent的提示都会使用这些值。将以下agent提示中的
{placeholders}
替换为预检查得到的实际值(例如,将
{repo_root}
替换为
git rev-parse --show-toplevel
的输出)。默认
{scope}
为“full codebase review - scan everything”;若用户指定更窄的目标,在步骤1中覆盖此值。

Step 1: Determine Scope

步骤1:确定范围

Default is full codebase since the user is running this as a quality gate. Adapt if context suggests otherwise:
  • Uncommitted changes present -> mention this, but still audit the full repo.
  • Detached HEAD / bare repo -> warn the user, proceed with what's available.
  • User specified a narrower scope (specific files, directory, module) -> pass that scope constraint to all four agents. Each agent only audits within the specified scope. This is the key to scoped reviews: narrowing the target, not the audit dimensions. Set 
    {scope}
    in the context block to the user's scope (e.g., "src/auth/ directory only") instead of the default "full codebase review - scan everything".
默认范围为全代码库,因为用户将此作为质量把关工具。可根据上下文调整:
  • 存在未提交更改 -> 提及此情况,但仍审计全仓库。
  • 分离HEAD / 裸仓库 -> 向用户发出警告,使用现有内容继续。
  • 用户指定了更窄范围(特定文件、目录、模块)-> 将范围约束传递给所有四个agent。每个agent仅在指定范围内审计。这是范围化审查的关键:缩小目标,而非审计维度。将上下文块中的
    {scope}
    设置为用户指定的范围(例如,“src/auth/ directory only”),而非默认的“full codebase review - scan everything”。

Step 2: Dispatch Four Parallel Agents

步骤2:调度四个并行Agent

Spawn all four agents concurrently. Each agent invokes one of the four custom skills and runs a full codebase audit.
Agent type selection (critical): Each agent MUST be dispatched as a 
general-purpose
agent (or equivalent full-access agent type). Do NOT use specialized agent types like 
feature-dev:code-reviewer
, 
feature-dev:code-explorer
, 
code-simplifier:*
, or any other restricted-toolset agent - these lack access to the Skill tool and cannot invoke custom skills. The agent type name should reflect its capabilities (full tool access), not the audit it performs.
Skill invocation: Each 
general-purpose
agent MUST invoke the named custom skill via the Skill tool (or equivalent skill-loading mechanism) as its first action. Custom skills from the user's installed collection take priority over built-in reviewers or platform-provided audit modes. Specifically:
  • Agent 1 invokes 
    code-review
    via Skill tool, not a built-in code-review mode
  • Agent 2 invokes 
    anti-slop
    via Skill tool, not a built-in code simplifier
  • Agent 3 invokes 
    security-audit
    via Skill tool, not a built-in security scanner
  • Agent 4 invokes 
    update-docs
    via Skill tool, not a built-in documentation reviewer
Fallback: If a custom skill is not available (skill lookup/load returns "not found" or similar), THEN fall back to the best available alternative (manual review following the skill's principles) and note which skill was unavailable in the output header.
If parallel execution is unavailable (restricted sandbox, no subagent support): run sequentially in this order: Security Audit, Code Review, Slop Check, Docs Sweep. Security first because those findings are most time-sensitive. If any agent exceeds 5 minutes wall-clock, note the timeout in the output header and continue with the remaining agents.
If agent dispatch is unavailable (non-Claude harness, no subagent API): run each audit sequentially in separate CLI sessions, invoking each skill manually in its own conversation.
Pass this context block to every agent, substituting the 
{placeholders}
from preflight:
Context:
- Repo: {repo_root}
- Commit: {short_sha}
- Branch: {branch}
- Languages: {detected_languages}
- File count: {file_count}
- Scope: {scope}
Each agent receives the context block above plus a task prompt. Use these templates:
同时生成所有四个agent。每个agent调用四个自定义skill中的一个,并运行全代码库审计。
Agent类型选择(关键):每个agent必须以
general-purpose
agent(或等效的全权限agent类型)调度。请勿使用专用agent类型,如
feature-dev:code-reviewer
feature-dev:code-explorer
code-simplifier:*
或任何其他受限工具集agent - 这些agent无法访问Skill工具,无法调用自定义skill。agent类型名称应反映其能力(全工具访问),而非审计内容。
Skill调用:每个
general-purpose
agent必须首先通过Skill工具(或等效的skill加载机制)调用指定的自定义skill。用户已安装的自定义skill优先于内置审查器或平台提供的审计模式。具体要求:
  • Agent 1通过Skill工具调用
    code-review
    ,而非内置代码审查模式
  • Agent 2通过Skill工具调用
    anti-slop
    ,而非内置代码简化器
  • Agent 3通过Skill工具调用
    security-audit
    ,而非内置安全扫描器
  • Agent 4通过Skill工具调用
    update-docs
    ,而非内置文档审查器
回退方案:若自定义skill不可用(skill查找/加载返回“not found”或类似结果),则回退到最佳可用替代方案(遵循skill原则进行手动审查),并在输出标题中注明哪个skill不可用。
若无法并行执行(沙箱受限,无子agent支持):按以下顺序依次运行:安全审计、代码审查、冗余代码检查、文档扫描。优先运行安全审计,因为其发现最具时间敏感性。若任何agent运行时间超过5分钟,在输出标题中注明超时,继续运行剩余agent。
若无法调度agent(非Claude框架,无子agent API):在单独的CLI会话中依次运行每个审计,在各自的对话中手动调用每个skill。
将以下上下文块传递给每个agent,替换预检查得到的
{placeholders}
Context:
- Repo: {repo_root}
- Commit: {short_sha}
- Branch: {branch}
- Languages: {detected_languages}
- File count: {file_count}
- Scope: {scope}
每个agent都会收到上述上下文块以及任务提示。使用以下模板:

Agent 1: Code Review

Agent 1:代码审查

{context_block}

Invoke the `code-review` skill via the Skill tool, then run a full code review on the codebase.
Scope: {scope}. Return the complete report.
{context_block}

通过Skill工具调用`code-review` skill,然后对代码库进行全面代码审查。
范围:{scope}。返回完整报告。

Agent 2: Slop Check

Agent 2:冗余代码检查

{context_block}

Invoke the `anti-slop` skill via the Skill tool, then audit the codebase for machine-generated
patterns, over-abstraction, and code quality issues. Scope: {scope}. Return the complete report.
{context_block}

通过Skill工具调用`anti-slop` skill,然后审计代码库中的机器生成模式、过度抽象和代码质量问题。范围:{scope}。返回完整报告。

Agent 3: Security Audit

Agent 3:安全审计

{context_block}

Invoke the `security-audit` skill via the Skill tool, then run a security audit on the codebase.
Scope: {scope}. Return the complete report including SECURITY-AUDIT.md content.
{context_block}

通过Skill工具调用`security-audit` skill,然后对代码库进行安全审计。
范围:{scope}。返回包含SECURITY-AUDIT.md内容的完整报告。

Agent 4: Docs Sweep

Agent 4:文档扫描

{context_block}

Invoke the `update-docs` skill via the Skill tool as a read-only audit. Scope: {scope}.
Focus on: stale docs, instruction-file bloat (40,000 char limit), companion-file drift, broken
links, orphaned gotchas, missing docs on recent changes. Do NOT make changes or commit anything.
Return the complete report.
{context_block}

通过Skill工具调用`update-docs` skill,进行只读审计。范围:{scope}。
重点关注:过时文档、说明文件臃肿(40000字符限制)、配套文件不一致、失效链接、孤立注意事项、近期变更缺失文档。请勿进行任何更改或提交操作。
返回完整报告。

Step 3: Present Results

步骤3:呈现结果

After all four agents return, present each report under its own header. Do not merge, summarize, or editorialize across reports - each stands alone. The user reads the skill's native output, not a reinterpretation.
Scoped reviews: when the user specified a narrower scope, each report focuses on that scope. Use this routing table to emphasize domain-relevant checks:
Scopecode-review focussecurity-audit focusanti-slop focusupdate-docs focus
Auth/sessionAuth logic paths, token lifecycleSession handling, token validation, credential storageAuth middleware over-abstractionAuth-related docs current
API endpointsRequest/response handling, error pathsInput validation, injection, rate limitingHandler boilerplate, verbose error wrappingAPI docs, OpenAPI spec
Data layerQuery correctness, race conditionsSQL injection, data exposure, access controlORM abstraction, unnecessary wrappersSchema docs, migration notes
InfrastructureConfig correctness, resource handlingSecrets exposure, misconfigurationOver-engineered deploy scriptsInfra docs, runbook accuracy
For scopes not in the table, apply each skill's standard checklist narrowed to the specified files/module. Do not skip an audit just because the scope seems domain-specific - every skill may surface relevant findings on arbitrary code.
Scope verification before presenting: when a scope was specified, confirm each agent's output before including it in the report. If an agent's findings reference files or modules outside the requested scope, that agent ignored the scope constraint - note the discrepancy in its report header and, if possible, filter out-of-scope findings. If an agent returned zero findings, confirm it actually ran against the scoped target (not an empty or wrong path) before reporting "no issues found."
User requests synthesis: if the user asks for a combined summary after seeing the reports, prioritize: security fixes > correctness bugs > slop cleanup > doc updates. Keep synthesis brief - the individual reports are the source of truth.
After presenting results, remind the user: "Check that 
SECURITY-AUDIT.md
is in 
.gitignore
- it contains vulnerability details that shouldn't be committed."
Use this structure:
markdown
undefined
所有四个agent返回结果后,在独立标题下呈现每份报告。请勿合并、总结或编辑跨报告内容 - 每份报告独立存在。用户查看的是skill的原生输出,而非重新解读后的内容。
范围化审查:当用户指定更窄范围时,每份报告聚焦于该范围。使用以下路由表强调领域相关检查:
范围code-review重点security-audit重点anti-slop重点update-docs重点
认证/会话认证逻辑路径、令牌生命周期会话处理、令牌验证、凭证存储认证中间件过度抽象认证相关文档时效性
API端点请求/响应处理、错误路径输入验证、注入攻击、速率限制处理程序样板代码、冗长错误包装API文档、OpenAPI规范
数据层查询正确性、竞态条件SQL注入、数据泄露、访问控制ORM抽象、不必要的包装器架构文档、迁移说明
基础设施配置正确性、资源处理机密信息泄露、配置错误过度设计的部署脚本基础设施文档、运行手册准确性
对于表中未列出的范围,将每个skill的标准检查清单缩小到指定文件/模块。不要因范围看似特定领域而跳过任何审计 - 每个skill都可能在任意代码中发现相关问题。
呈现前范围验证:当指定范围时,在将agent输出纳入报告前进行确认。若agent的发现引用了请求范围外的文件或模块,说明该agent忽略了范围约束 - 在其报告标题中注明差异,若可能,过滤掉超出范围的发现。若agent返回零发现,需确认其确实针对指定范围运行(而非空路径或错误路径),再报告“未发现问题”。
用户请求综合总结:若用户查看报告后要求合并总结,优先级为:安全修复 > 正确性bug > 冗余代码清理 > 文档更新。总结需简洁 - 单个报告是事实来源。
呈现结果后,提醒用户:“请确认
SECURITY-AUDIT.md
已加入
.gitignore
- 它包含不应提交的漏洞细节。”
使用以下结构:
markdown
undefined

Full Review: {repo_name} @ {short_sha}

Full Review: {repo_name} @ {short_sha}

Languages: {detected_languages} | Files: {file_count} | Branch: {branch} Scope: {scope}
语言:{detected_languages} | 文件数:{file_count} | 分支:{branch} 范围:{scope}

1. Code Review

1. 代码审查

{agent 1 output verbatim}
{agent 1输出原文}

2. Slop Check

2. 冗余代码检查

{agent 2 output verbatim}
{agent 2输出原文}

3. Security Audit

3. 安全审计

{agent 3 output verbatim}
{agent 3输出原文}

4. Docs Sweep

4. 文档扫描

{agent 4 output verbatim}
undefined
{agent 4输出原文}
undefined

Step 4: Handle Failures

步骤4:处理失败情况

If an agent fails or times out:
  • Note which audit failed and why (timeout, skill not found, tool permission denied)
  • Present whatever completed successfully
  • Do not re-run failed agents unless the user asks
If a skill is not available, perform a manual review in the same 
general-purpose
agent. Note the substitution in the output header so the user knows a fallback was used. Partial results are still useful.
Unavailable skillFallback approach
code-review
Manually review for bugs, logic errors, edge cases, and resource leaks. Focus on high-confidence findings only.
anti-slop
Scan for verbose code, redundant comments, over-abstraction, and dead code manually. No structured slop taxonomy - report what you find.
security-audit
Manually check for hardcoded secrets, injection points, missing auth checks, and dependency CVEs. Skip SECURITY-AUDIT.md generation.
update-docs
Review README, CLAUDE.md, AGENTS.md, and inline doc comments for staleness. Check that recent code changes have corresponding doc updates.
若agent失败或超时:
  • 注明哪个审计失败及原因(超时、skill未找到、工具权限被拒绝)
  • 呈现所有已成功完成的内容
  • 除非用户要求,否则不重新运行失败的agent
若skill不可用,在同一
general-purpose
agent中进行手动审查。在输出标题中注明替代方案,让用户知道使用了回退方案。部分结果仍有价值。
不可用skill回退方法
code-review
手动审查bug、逻辑错误、边界情况和资源泄漏。仅关注高置信度发现。
anti-slop
手动扫描冗长代码、冗余注释、过度抽象和死代码。无结构化冗余分类 - 报告发现的问题即可。
security-audit
手动检查硬编码机密、注入点、缺失认证检查和依赖CVE漏洞。跳过SECURITY-AUDIT.md生成。
update-docs
审查README、CLAUDE.md、AGENTS.md和内联文档注释的时效性。检查近期代码变更是否有对应的文档更新。

Related Skills

相关Skill

  • code-review - one of the four parallel audits. Finds bugs, logic errors, correctness issues.
  • anti-slop - one of the four parallel audits. Finds quality/style issues and AI-generated patterns.
  • security-audit - one of the four parallel audits. Finds vulnerabilities, secrets, dependency risks.
  • update-docs - one of the four parallel audits. Finds stale docs, bloated instruction files, and missing gotchas.
  • skill-creator - audits the skill collection itself. Full-review audits application code.
  • code-review - 四项并行审计之一。检测bug、逻辑错误、正确性问题。
  • anti-slop - 四项并行审计之一。检测质量/风格问题和AI生成模式。
  • security-audit - 四项并行审计之一。检测漏洞、机密信息、依赖风险。
  • update-docs - 四项并行审计之一。检测过时文档、臃肿说明文件和遗漏注意事项。
  • skill-creator - 审计skill集合本身。Full-review审计应用代码。

Rules

规则

  • General-purpose agents only. Every subagent MUST be a 
    general-purpose
    (full-access) agent type. Never use 
    feature-dev:*
    , 
    code-simplifier:*
    , or other restricted agent types - they cannot invoke custom skills. The agent type controls tool access, not the audit topic.
  • Custom skills first. Each agent invokes its assigned custom skill (
    code-review
    , 
    anti-slop
    , 
    security-audit
    , 
    update-docs
    ) via the Skill tool as its first action. Fall back to manual review only if the skill is not installed.
  • Parallel dispatch is strongly preferred. Run all four agents concurrently when the environment supports it. If parallel execution is unavailable, run sequentially (security first - see Step 2).
  • Don't editorialize. Present each report as the skill produced it. No unsolicited synthesis across reports.
  • Respect each skill's output format. The anti-slop skill has its own format. The security audit writes SECURITY-AUDIT.md. The code reviewer and docs sweep have their formats. Don't normalize them into a single style.
  • Don't duplicate work. If a finding appears in multiple reports (e.g., dead code in both slop check and code review), that's fine - independent auditors catching the same thing is signal, not noise.
  • Preflight is fast. The parallel git commands in Step 0 should take under 2 seconds. Don't skip them - the agent prompts are much better with context.
  • Large repos. If file count exceeds 1000, mention to the user that this will take a while. Don't reduce scope unless asked.
  • SECURITY-AUDIT.md gitignore. The security audit writes a report file containing vulnerability details to the repo root. After presenting results, remind the user to check that 
    SECURITY-AUDIT.md
    is in 
    .gitignore
    - the sub-skill warns too, but it's easy to miss buried in output.
  • Docs sweep is read-only. The update-docs agent must not make changes or commit anything during a full review. It reports what needs updating; the user decides when to act on it.
  • 仅使用通用型agent。每个子agent必须是
    general-purpose
    (全权限)agent类型。绝不要使用
    feature-dev:*
    code-simplifier:*
    或其他受限agent类型 - 它们无法调用自定义skill。agent类型控制工具访问权限,而非审计主题。
  • 优先使用自定义skill。每个agent必须首先通过Skill工具调用指定的自定义skill(
    code-review
    anti-slop
    security-audit
    update-docs
    )。仅当skill未安装时才回退到手动审查。
  • 强烈建议并行调度。环境支持时,同时运行所有四个agent。若无法并行执行,依次运行(优先安全审计 - 见步骤2)。
  • 不要编辑输出。按skill生成的原样呈现每份报告。不要主动进行跨报告综合。
  • 尊重每个skill的输出格式。anti-slop skill有自己的格式。安全审计会生成SECURITY-AUDIT.md。代码审查和文档扫描也有各自的格式。不要将它们统一为单一风格。
  • 不要重复工作。若同一发现出现在多个报告中(例如,死代码同时出现在冗余检查和代码审查中),无需处理 - 独立审计发现同一问题是有效信号,而非噪音。
  • 预检查要快速。步骤0中的并行git命令应在2秒内完成。不要跳过预检查 - 带有上下文的agent提示效果更好。
  • 大型仓库。若文件数超过1000,告知用户这将花费较长时间。除非用户要求,否则不要缩小范围。
  • SECURITY-AUDIT.md的gitignore设置。安全审计会在仓库根目录生成包含漏洞细节的报告文件。呈现结果后,提醒用户确认
    SECURITY-AUDIT.md
    已加入
    .gitignore
    - 子skill也会发出警告,但容易被输出内容淹没。
  • 文档扫描为只读。在full review中,update-docs agent不得进行任何更改或提交操作。它仅报告需要更新的内容,由用户决定何时采取行动。