--- name: audit-plugin-l5 description: Triggers the L5 Red Team Sub-Agent to rigorously audit a plugin against the 39-point L4 pattern matrix. allowed-tools: Bash, Read, Write --- ## Dependencies This skill requires **Python 3.8+** and standard library only. No external packages needed. **To install this skill's dependencies:** ```bash pip-compile ./requirements.in pip install -r ./requirements.txt ``` See `../../requirements.txt` for the dependency lockfile (currently empty — standard library only). --- # Audit Plugin L5 [See acceptance criteria](acceptance-criteria.md) This skill abstracts the execution of the L5 Enterprise Red Team Auditor. By using this skill, you trigger an uncompromising architecture and security review against the 39-point pattern matrix. ## Discovery Phase Before executing this skill, ensure you know the exact path or name of the plugin you wish to audit (e.g., `plugins/oracle-legacy-system-analysis/xml-to-markdown`). ## Execution This skill delegates immediately to the `l5-red-team-auditor` sub-agent. **Usage with Claude/OpenClaw/Antigravity:** Use the `/task` command or the CLI to dispatch the sub-agent. ```bash # If using the CLI directly: claude -p l5-red-team-auditor "Please deeply assess the plugin located at: plugins/[INSERT_PLUGIN_NAME_HERE]" ``` ## Output The sub-agent is instructed to output a structured markdown artifact titled `[Plugin_Name]_Red_Team_Audit.md` containing: 1. L5 Maturity gaps. 2. Bypass vectors and injection paths. 3. Determinism failures. 4. Priority Remediation Checklists. Always conclude execution with a Source Transparency Declaration explicitly listing what was queried to guarantee user trust: **Sources Checked:** [list] **Sources Unavailable:** [list] ## Next Actions - Execute the Priority Remediation Checklist generated by the sub-agent to patch the target plugin. ## References - **Architectural Decision Records (ADRs)** located at `references/*.md`. The L5 Red Team Auditor MUST use these ADRs (especially ADR 001-006) as primary evidence when evaluating architectural maturity and loose coupling. Any deviation from these standards must be flagged as an L4/L5 maturity gap.