auditing-context

# Auditing Context

Automatically load active audit session data when the user is working in the context of a runtime audit.

## When to Use

Invoke this skill when the user:
- Is working on code that has pending audit injections
- Asks about audit findings or captured data
- Discusses runtime behavior verification
- References "the audit" or a specific audit ID
- Is making changes to audited code paths
- Asks about injected logs or cleanup status

## Instructions

### Step 1: Check for Active Audits

Read `docs/audits/registry.json` to find active audit sessions.

```json
{
  "audits": [
    {
      "id": "auth-flow-001",
      "status": "in-progress",
      "name": "Login Flow Verification"
    }
  ]
}
```

Filter for audits with `status: "in-progress"`.

### Step 2: Load Active Audit Context

For relevant audits, read:

```
docs/audits/[audit-id]/
├── session.json      # Current phase, target description, questions
├── injections.json   # Active injections in code
└── report.md         # Findings (if analysis complete)
```

### Step 3: Check for Injected Code

If there are active injections:

1. Read `injections.json` to understand what's currently injected
2. Be aware of which files have audit instrumentation
3. Warn user if they're editing files with active injections

### Step 4: Use Context Naturally

Reference context when responding:

- **If injections are active**: Remind user of cleanup requirements
- **If discussing audited code**: Reference what was verified
- **If editing audited files**: Note any pending injections in that file
- **If asking about findings**: Reference the audit report

## Context Awareness Scenarios

### User Editing Injected File

```
Note: This file has active audit injections at lines 42, 67.
Consider running cleanup before making significant changes,
or be careful not to modify the AUDIT-INJECTED lines.
```

### User Asking About Behavior

```
The audit "auth-flow-001" verified this behavior:
- Credentials ARE validated before da