sdd-audit_skill

This skill analyzes code against specifications, identifies gaps, and generates structured audit reports to improve quality and compliance.
  • Shell

145

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill madebyaris/spec-kit-command-cursor --skill sdd-audit

  • SKILL.md2.1 KB

Overview

This skill compares an implementation against its specifications and produces a structured audit report highlighting gaps, issues, and compliance status. It is designed for spec-driven development workflows to support code review, QA, and release readiness. Use it to surface functional, non-functional, and documentation mismatches with clear severity levels and recommended actions.

How this skill works

The audit loads spec artifacts (spec.md, plan.md, tasks.md) and examines the todo-list to determine implemented scope. It inspects code and runtime evidence where available, runs checklist-driven checks, and performs a gap analysis between requirements and the actual implementation. Results are emitted in a standardized report with severity levels, evidence links, and prioritized remediation steps.

When to use it

  • Before marking tasks or features as complete to verify spec compliance
  • During code review or QA cycles to catch regressions and missing requirements
  • Prior to releases to identify release-blocking issues and security risks
  • When integrating third-party changes or refactors to ensure behavior parity
  • To convert informal feedback into structured action items for engineers

Best practices

  • Keep spec.md, plan.md, and tasks.md up to date; audits rely on accurate source documents
  • Run automated validation (scripts/validate.sh) before manual inspection to reduce noise
  • Attach runtime evidence (logs, traces) when possible to prove compliance or failures
  • Classify findings with CRITICAL/MAJOR/MINOR/OUTDATED to prioritize work
  • Integrate with sdd-verifier for automated checks and Cursor Debug Mode for live validation

Example use cases

  • Perform a pre-release audit to catch critical functionality and security gaps
  • Review a completed task list to verify every spec requirement is implemented
  • Assess technical debt introduced during a fast refactor and document remediation
  • Validate non-functional requirements such as performance and edge-case handling
  • Generate concise reports for project managers and maintainers with actionable fixes

FAQ

It reads spec.md, plan.md, tasks.md and todo-list.md plus referenced checklist and code files for evidence.

How are severities determined?

Severities map to impact: CRITICAL blocks release or causes security risk; MAJOR breaks functionality; MINOR is cosmetic or optimization; OUTDATED means spec needs updating.

Can audits be automated?

Yes—use the sdd-verifier integration and scripts/validate.sh for automated checks, then run a manual pass for subjective or runtime issues.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational