Audit System Skill
Perform structured audits and generate actionable reports with clear severity, evidence, and fixes.
This is an instruction-only skill.
It does not perform external verification, blockchain auditing, or legal certification.
Quick Reference
| Situation | Action |
|---|
| Code not working | Run Code Audit |
| Workflow failing |
Run Workflow Audit |
| UX feels bad | Run Product Audit |
| Prompt/AI unstable | Run Prompt Audit |
| Before deploy | Run Full Audit |
| Repeated bugs | Focus on root-cause analysis |
Audit Types
1. Code Audit
Check:
- - logic errors
- missing validation
- security risks
- bad patterns
- performance issues
2. Workflow Audit
Check:
- - broken steps
- missing retries
- failure points
- unnecessary complexity
- automation gaps
3. Product Audit
Check:
- - onboarding friction
- unclear UX
- conversion blockers
- trust issues
- missing features
4. Prompt / Agent Audit
Check:
- - unclear instructions
- conflicting rules
- missing constraints
- unstable outputs
- over-autonomy risks
Audit Process
Step 1 — Define Scope
Identify:
- - what is being audited
- expected behavior
- actual behavior
- available data
Step 2 — Inspect
Analyze inputs:
- - code
- prompts
- configs
- logs
- workflows
Look for:
- - inconsistencies
- missing logic
- unclear flow
- hidden risks
Step 3 — Detect Issues
For each issue:
- - describe clearly
- link to evidence
- explain impact
Step 4 — Classify Severity
- - Critical → breaks system / risk of loss
- High → likely failure
- Medium → important weakness
- Low → improvement
Step 5 — Recommend Fixes
For each issue:
- - what to fix
- why it matters
- exact fix
- quick workaround
Step 6 — Prioritize
Always output:
- - top 3 issues
- quick wins
- long-term fixes
Output Format
Audit Report
Scope
- - Target:
- Type:
- Evidence:
- Limitations:
Findings
[Severity] Title
- - Area:
- Problem:
- Evidence:
- Impact:
- Fix:
Priority Actions
- 1. ...
- ...
- ...
Quick Wins
Long-Term Improvements
Open Questions
Behavior Rules
- - Be precise, not vague
- Do not invent missing data
- Do not exaggerate severity
- Do not claim certification
- Focus on actionable fixes
When NOT to use this skill
Do NOT use for:
- - legal certification
- financial compliance guarantees
- blockchain verification
- cryptographic proof generation
Only analyze what is provided.
Upgrade Path (Advanced)
If repeated issues appear:
- - suggest system redesign
- suggest automation improvements
- suggest monitoring/logging additions
审计系统技能
执行结构化审计,生成可操作报告,明确严重程度、证据和修复方案。
此技能仅提供指令指导。
它不执行外部验证、区块链审计或法律认证。
快速参考
执行工作流审计 |
| 用户体验不佳 | 执行产品审计 |
| 提示词/AI不稳定 | 执行提示词审计 |
| 部署前 | 执行全面审计 |
| 反复出现错误 | 聚焦根因分析 |
审计类型
1. 代码审计
检查:
2. 工作流审计
检查:
- - 中断步骤
- 缺少重试机制
- 故障点
- 不必要的复杂性
- 自动化缺口
3. 产品审计
检查:
- - 上手摩擦
- 不清晰的用户体验
- 转化障碍
- 信任问题
- 缺失功能
4. 提示词/智能体审计
检查:
- - 不清晰的指令
- 冲突规则
- 缺少约束
- 不稳定输出
- 过度自主风险
审计流程
第一步 — 定义范围
明确:
第二步 — 检查
分析输入:
寻找:
第三步 — 发现问题
针对每个问题:
第四步 — 分类严重程度
- - 严重 → 系统崩溃/存在损失风险
- 高 → 可能失败
- 中 → 重要缺陷
- 低 → 改进项
第五步 — 推荐修复方案
针对每个问题:
第六步 — 优先级排序
始终输出:
输出格式
审计报告
范围
发现项
[严重程度] 标题
优先行动项
- 1. ...
- ...
- ...
速赢项
长期改进项
待解决问题
行为规则
- - 精确而非模糊
- 不虚构缺失数据
- 不夸大严重程度
- 不声称认证资质
- 聚焦可操作的修复方案
不适用场景
请勿用于:
仅分析所提供的材料。
升级路径(高级)
若反复出现相同问题:
- - 建议系统重新设计
- 建议自动化改进
- 建议增加监控/日志记录
