# docs/audit — audit procedures and artifacts

This directory is the home of the `D3 «Аудит и управление рисками»` section of the automation map (`docs/automation-graph.html`). It holds repeatable audit procedures and their artifacts.

## Toolset

- `/security-review` — the customized Anthropic security-review command (`.claude/commands/security-review.md`).
- Trail of Bits Skills — the `trailofbits` marketplace audit plugins.
- Security Guidance — the Anthropic inline-vulnerability hook (blocking `PreToolUse`, a one-time per-file-and-rule speed-bump).
- `audit-portal` — the project skill encoding the 14-phase portal audit.

## Boundaries

- Closed decisions and their residual risks → `docs/adr/` (see ADR-003).
- Open product, business, and legal risks → `docs/Открытые_вопросы_v8_3.md`.

## Procedures

- `toolchain-attack-surface.md` — manual audit of the Claude Code plugin and MCP-server attack surface.