
code-auditing

A systematic code auditing framework for identifying technical debt, security vulnerabilities, dead code, and code quality issues in software projects.

Introduction

The code-auditing skill provides a professional, multi-phase methodology for conducting deep-dive technical reviews of codebases. It is designed for developers, architects, and security engineers who need a structured approach to maintaining high-quality software. Whether performing a pre-release security review, investigating technical debt, or purging dead code, this skill leverages a systematic workflow to ensure comprehensive coverage across your entire repository.

  • Phase-based audit methodology covering discovery, file-level analysis, best practices verification, pattern detection, and library recommendation.

  • Automated detection of dead code (unused imports, exports, functions, variables, and files) using tools like knip and deadcode.

  • Systematic security assessment scanning for hardcoded secrets, SQL injection risks, XSS vulnerabilities, and missing input validation.

  • Performance and code quality auditing addressing cyclomatic complexity, inefficient algorithms, blocking operations, memory leaks, and async/promise issues.

  • Generation of standardized, actionable reports including executive summaries, prioritized action plans, and effort estimations (Critical to Quick Wins).

  • Support for TypeScript type safety analysis, ensuring adherence to modern standards and identifying misuse of 'any' or outdated patterns.

  • Verification that a project follows established best practices, with identification of custom logic that could be replaced by mature, well-maintained ecosystem packages.

  • Guidance to manually verify every tool-reported finding, since dynamic imports, framework-specific patterns, and non-standard entry points can produce false positives from the dead-code tools.

  • Integration with project configuration files (package.json, tsconfig.json, requirements.txt) to tailor analysis to the specific tech stack.

  • The output is highly structured, mapping findings to specific file locations and severity levels to facilitate rapid remediation during the development lifecycle.

Repository Stats

  • Stars: 5

  • Forks: 1

  • Open Issues: 2

  • Language: Shell

  • Default Branch: main
  • Last Synced: May 3, 2026, 05:47 PM