NLPM audit: 9 bugs found (2 PRs submitted for B1-B8) #535

@xiaolai

Automated audit: This issue was generated by NLPM, a natural language programming linter, running via claude-code-action. Please evaluate the findings on their merits.

Overview

NLPM audited this repository on 2026-04-19 and found 9 bugs across agents and skills. Two PRs have been submitted for the most impactful mechanical bugs (B1–B8). This issue tracks all findings and links to submitted fixes.

Overall NL Score: 84/100 (skills average ~90/100; devops agents drag the score down due to invalid tool names)


NLPM Methodology

NLPM applies the 50 Rules of Natural Language Programming — a deterministic scoring rubric for Claude Code artifacts (agents, skills, commands, hooks). Bugs are mechanical defects that cause incorrect behavior or install failures. Quality issues are non-breaking improvements.


Bugs Found

B1–B6: Invalid VS Code Copilot tool names in devops-infrastructure agents

Multiple agents in cli-tool/components/agents/devops-infrastructure/ declare VS Code Copilot tool names (codebase, edit/editFiles, terminalCommand, githubRepo, runCommands, runTasks) that Claude Code silently ignores, leaving these agents with zero tool access at runtime.

Fix submitted: PR #534 — fix: replace VS Code Copilot tool names with valid Claude Code tools

Files fixed in the PR:

  • devops-expert.md
  • se-gitops-ci-specialist.md
  • terraform-iac-reviewer.md

Additional files with the same pattern (not yet in PR — further review may be warranted):

  • bicep-implement.md, azure-iac-generator.md, arm-migration.md and others in devops-infrastructure/

B7–B8: Duplicate skill name brand-guidelines causes silent install conflict

Three skills all declare name: brand-guidelines in their frontmatter:

  • cli-tool/components/skills/business-marketing/brand-guidelines-anthropic/SKILL.md
  • cli-tool/components/skills/business-marketing/brand-guidelines-community/SKILL.md
  • cli-tool/components/skills/enterprise-communication/brand-guidelines/SKILL.md

In Claude Code's skill registry, name is the install key. When multiple skills share a name, the last one installed silently overwrites the others — users cannot access all three skills simultaneously.

Fix submitted: PR #533 — fix: resolve duplicate skill name brand-guidelines


B9: curl | sh unsigned third-party installer in droid.md (not PR'd)

cli-tool/components/agents/expert-advisors/droid.md contains curl -fsSL https://app.factory.ai/cli | sh at lines 21 and 238. This installs from an external domain without signature verification in a general-purpose agent. Classified as HIGH severity — not PR'd per responsible disclosure policy. Recommend adding a user-facing warning block or verifying the installer with a pinned hash.


Quality Issues (not PR'd)

These are non-breaking; listed for completeness:

| # | File | Issue |
|---|------|-------|
| Q1 | ai-product/SKILL.md | Sharp Edges "Solution" column contains only stub comments |
| Q2 | zapier-make-patterns/SKILL.md | Sharp Edges solutions are stubs; description truncated mid-sentence |
| Q3 | ai-wrapper-product/SKILL.md | Patterns section has headers but no content |
| Q4–Q7 | ceo-advisor, cto-advisor, marketing-* | Non-standard frontmatter fields Claude Code ignores |
| Q8–Q9 | transcribe, speech | author: openai — misleading attribution |
| Q10–Q12 | product-manager, product-strategist, agile-product-owner | References Python scripts not present in repo |

Summary

This is a high-quality repository with strong skill coverage (~90/100 average for skills). The main issues are mechanical copy-paste artifacts from GitHub Copilot's format and a naming collision between three brand-guidelines variants. The PRs above are minimal, targeted fixes — no content changes.

Thank you for maintaining this excellent collection of Claude Code templates!
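
The pinned-hash option recommended under B9, as an added example that is not part of the issue or of the audited repository: the installer is downloaded to a file, its SHA-256 is compared with a pin, and it runs only on a match. The function names are hypothetical, and the pin is an assumption the caller must supply, since the issue gives no hash for the installer.

```shell
#!/bin/sh
# Added example (not from the audited repository): fetch, verify, then run.
# The pin passed by the caller is an assumption: the issue gives no hash, so
# it must be obtained from the vendor out of band and committed with the agent.

# sha256_of FILE -> lowercase hex SHA-256, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 -r "$1" | awk '{print $1}'
    fi
}

# verify_pinned FILE PIN -> 0 on match, 1 on mismatch, 2 on unusable input.
verify_pinned() {
    vp_file=$1 vp_pin=$2
    [ -f "$vp_file" ] || { echo "verify: no such file: $vp_file" >&2; return 2; }
    case $vp_pin in
        *[!0-9a-f]*) echo "verify: pin must be lowercase hex" >&2; return 2 ;;
    esac
    [ "${#vp_pin}" -eq 64 ] || { echo "verify: pin must be 64 hex chars" >&2; return 2; }
    vp_actual=$(sha256_of "$vp_file") || return 2
    [ "$vp_actual" = "$vp_pin" ] && return 0
    echo "verify: digest mismatch: expected $vp_pin, got $vp_actual" >&2
    return 1
}

# run_if_pinned FILE PIN -> execute FILE with sh only after it verifies.
run_if_pinned() {
    verify_pinned "$1" "$2" || return 1
    sh "$1"
}

# install_pinned URL PIN -> download to a temp file (never a pipe), verify, run.
install_pinned() {
    ip_tmp=$(mktemp) || return 2
    if curl -fsSL --proto '=https' -o "$ip_tmp" "$1" && run_if_pinned "$ip_tmp" "$2"; then
        ip_rc=0
    else
        ip_rc=1
    fi
    rm -f "$ip_tmp"
    return "$ip_rc"
}
```

A pin fails closed whenever the vendor republishes the installer, so each update of the pin becomes a reviewed change in the agent file.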
