Rules Reference
This section contains all 342 validation rules generated from knowledge-base/rules.json.
102 rules have automatic fixes.
| Rule | Name | Severity | Category | Auto-Fix |
|---|---|---|---|---|
| AGM-001 | Valid Markdown Structure | HIGH | AGENTS.md | Yes (safe) |
| AGM-002 | Missing Section Headers | MEDIUM | AGENTS.md | No |
| AGM-003 | Character Limit (Windsurf) | MEDIUM | AGENTS.md | No |
| AGM-004 | Missing Project Context | MEDIUM | AGENTS.md | No |
| AGM-005 | Platform-Specific Features Without Guard | MEDIUM | AGENTS.md | No |
| AGM-006 | Nested AGENTS.md Hierarchy | MEDIUM | AGENTS.md | No |
| AMP-001 | Invalid Amp Check Frontmatter | HIGH | Amp Checks | Yes (safe) |
| AMP-002 | Invalid Amp severity-default | MEDIUM | Amp Checks | Yes (safe) |
| AMP-003 | Invalid AGENTS.md globs Frontmatter for Amp | MEDIUM | Amp Checks | No |
| AMP-004 | Invalid Amp Settings Configuration | HIGH | Amp Checks | Yes (safe) |
| AMP-SK-001 | Amp Skill Uses Unsupported Field | MEDIUM | Amp Skills | Yes (safe/unsafe) |
| AS-001 | Missing Frontmatter | HIGH | Agent Skills | Yes (safe) |
| AS-002 | Missing Required Field: name | HIGH | Agent Skills | Yes (safe) |
| AS-003 | Missing Required Field: description | HIGH | Agent Skills | Yes (safe) |
| AS-004 | Invalid Name Format | HIGH | Agent Skills | Yes (safe/unsafe) |
| AS-005 | Name Starts/Ends with Hyphen | HIGH | Agent Skills | Yes (safe) |
| AS-006 | Consecutive Hyphens in Name | HIGH | Agent Skills | Yes (safe) |
| AS-007 | Reserved Name | HIGH | Agent Skills | No |
| AS-008 | Description Too Short | HIGH | Agent Skills | No |
| AS-009 | Description Contains XML | HIGH | Agent Skills | Yes (safe) |
| AS-010 | Missing Trigger Phrase | MEDIUM | Agent Skills | Yes (unsafe) |
| AS-011 | Compatibility Too Long | HIGH | Agent Skills | No |
| AS-012 | Content Exceeds 500 Lines | MEDIUM | Agent Skills | No |
| AS-013 | File Reference Too Deep | HIGH | Agent Skills | No |
| AS-014 | Windows Path Separator | HIGH | Agent Skills | Yes (safe) |
| AS-015 | Upload Size Exceeds 8MB | HIGH | Agent Skills | No |
| AS-016 | Skill Parse Error | HIGH | Agent Skills | No |
| AS-017 | Name Must Match Parent Directory | HIGH | Agent Skills | No |
| AS-018 | Description Uses First or Second Person | MEDIUM | Agent Skills | No |
| AS-019 | Vague Skill Name | MEDIUM | Agent Skills | No |
| CC-AG-001 | Missing Name Field | HIGH | Claude Agents | Yes (safe) |
| CC-AG-002 | Missing Description Field | HIGH | Claude Agents | Yes (safe) |
| CC-AG-003 | Invalid Model Value | HIGH | Claude Agents | Yes (unsafe) |
| CC-AG-004 | Invalid Permission Mode | HIGH | Claude Agents | Yes (unsafe) |
| CC-AG-005 | Referenced Skill Not Found | HIGH | Claude Agents | No |
| CC-AG-006 | Tool/Disallowed Conflict | HIGH | Claude Agents | No |
| CC-AG-007 | Agent Parse Error | HIGH | Claude Agents | No |
| CC-AG-008 | Invalid Memory Scope | HIGH | Claude Agents | Yes (unsafe) |
| CC-AG-009 | Invalid Tool Name in Tools List | HIGH | Claude Agents | No |
| CC-AG-010 | Invalid Tool Name in DisallowedTools | HIGH | Claude Agents | No |
| CC-AG-011 | Invalid Hooks in Agent Frontmatter | HIGH | Claude Agents | No |
| CC-AG-012 | Bypass Permissions Warning | HIGH | Claude Agents | Yes (unsafe) |
| CC-AG-013 | Invalid Skill Name Format | MEDIUM | Claude Agents | Yes (unsafe) |
| CC-HK-001 | Invalid Hook Event | HIGH | Claude Hooks | Yes (safe/unsafe) |
| CC-HK-002 | Prompt Hook on Wrong Event | HIGH | Claude Hooks | No |
| CC-HK-003 | Matcher Hint for Tool Events | LOW | Claude Hooks | No |
| CC-HK-004 | Matcher on Non-Tool Event | HIGH | Claude Hooks | Yes (safe) |
| CC-HK-005 | Missing Type Field | HIGH | Claude Hooks | Yes (safe) |
| CC-HK-006 | Missing Command Field | HIGH | Claude Hooks | No |
| CC-HK-007 | Missing Prompt Field | HIGH | Claude Hooks | No |
| CC-HK-008 | Script File Not Found | HIGH | Claude Hooks | No |
| CC-HK-009 | Dangerous Command Pattern | HIGH | Claude Hooks | No |
| CC-HK-010 | Timeout Policy | MEDIUM | Claude Hooks | Yes (safe) |
| CC-HK-011 | Invalid Timeout Value | HIGH | Claude Hooks | Yes (unsafe) |
| CC-HK-012 | Hooks Parse Error | HIGH | Claude Hooks | No |
| CC-HK-013 | Async on Non-Command Hook | HIGH | Claude Hooks | Yes (safe) |
| CC-HK-014 | Once Outside Skill/Agent Frontmatter | MEDIUM | Claude Hooks | Yes (safe) |
| CC-HK-015 | Model on Command Hook | MEDIUM | Claude Hooks | Yes (safe) |
| CC-HK-016 | Validate Hook Type Agent | HIGH | Claude Hooks | Yes (unsafe) |
| CC-HK-017 | Prompt/Agent Hook Missing $ARGUMENTS | MEDIUM | Claude Hooks | Yes (safe) |
| CC-HK-018 | Matcher on UserPromptSubmit/Stop | LOW | Claude Hooks | Yes (safe) |
| CC-HK-019 | Deprecated Setup Event | MEDIUM | Claude Hooks | Yes (unsafe) |
| CC-MEM-001 | Invalid Import Path | HIGH | Claude Memory | No |
| CC-MEM-002 | Circular Import | HIGH | Claude Memory | No |
| CC-MEM-003 | Import Depth Exceeds 5 | HIGH | Claude Memory | No |
| CC-MEM-004 | Invalid Command Reference | MEDIUM | Claude Memory | No |
| CC-MEM-005 | Generic Instruction | HIGH | Claude Memory | Yes (safe) |
| CC-MEM-006 | Negative Without Positive | HIGH | Claude Memory | No |
| CC-MEM-007 | Weak Constraint Language | HIGH | Claude Memory | Yes (safe/unsafe) |
| CC-MEM-008 | Critical Content in Middle | HIGH | Claude Memory | No |
| CC-MEM-009 | Token Count Exceeded | MEDIUM | Claude Memory | No |
| CC-MEM-010 | README Duplication | MEDIUM | Claude Memory | No |
| CC-MEM-011 | Invalid Paths Glob in Rules | HIGH | Claude Memory | No |
| CC-MEM-012 | Rules File Unknown Frontmatter Key | MEDIUM | Claude Memory | Yes (unsafe) |
| CC-PL-001 | Plugin Manifest Not in .claude-plugin/ | HIGH | Claude Plugins | No |
| CC-PL-002 | Components in .claude-plugin/ | HIGH | Claude Plugins | No |
| CC-PL-003 | Invalid Semver | HIGH | Claude Plugins | Yes (safe) |
| CC-PL-004 | Missing Required/Recommended Plugin Field | HIGH | Claude Plugins | No |
| CC-PL-005 | Empty Plugin Name | HIGH | Claude Plugins | Yes (unsafe) |
| CC-PL-006 | Plugin Parse Error | HIGH | Claude Plugins | No |
| CC-PL-007 | Invalid Component Path | HIGH | Claude Plugins | Yes (safe) |
| CC-PL-008 | Component Inside .claude-plugin | HIGH | Claude Plugins | No |
| CC-PL-009 | Invalid Author Object | MEDIUM | Claude Plugins | No |
| CC-PL-010 | Invalid Homepage URL | MEDIUM | Claude Plugins | No |
| CC-SK-001 | Invalid Model Value | HIGH | Claude Skills | Yes (unsafe) |
| CC-SK-002 | Invalid Context Value | HIGH | Claude Skills | Yes (unsafe) |
| CC-SK-003 | Context Without Agent | HIGH | Claude Skills | Yes (unsafe) |
| CC-SK-004 | Agent Without Context | HIGH | Claude Skills | Yes (unsafe) |
| CC-SK-005 | Invalid Agent Type | HIGH | Claude Skills | Yes (unsafe) |
| CC-SK-006 | Dangerous Auto-Invocation | HIGH | Claude Skills | Yes (unsafe) |
| CC-SK-007 | Unrestricted Bash | MEDIUM | Claude Skills | Yes (unsafe) |
| CC-SK-008 | Unknown Tool Name | HIGH | Claude Skills | No |
| CC-SK-009 | Too Many Injections | MEDIUM | Claude Skills | No |
| CC-SK-010 | Invalid Hooks in Skill Frontmatter | HIGH | Claude Skills | No |
| CC-SK-011 | Unreachable Skill | HIGH | Claude Skills | Yes (unsafe) |
| CC-SK-012 | Argument Hint Without $ARGUMENTS | MEDIUM | Claude Skills | Yes (unsafe) |
| CC-SK-013 | Fork Context Without Actionable Instructions | MEDIUM | Claude Skills | No |
| CC-SK-014 | Invalid disable-model-invocation Type | HIGH | Claude Skills | Yes (safe) |
| CC-SK-015 | Invalid user-invocable Type | HIGH | Claude Skills | Yes (safe) |
| CC-SK-016 | Indexed $ARGUMENTS Without argument-hint | MEDIUM | Claude Skills | No |
| CC-SK-017 | Unknown Frontmatter Field | MEDIUM | Claude Skills | No |
| CDX-000 | TOML Parse Error | HIGH | Codex CLI | No |
| CDX-001 | Invalid Approval Mode | HIGH | Codex CLI | Yes (unsafe) |
| CDX-002 | Invalid Full Auto Error Mode | HIGH | Codex CLI | Yes (unsafe) |
| CDX-003 | AGENTS.override.md in Version Control | MEDIUM | Codex CLI | No |
| CDX-004 | Unknown Config Key | MEDIUM | Codex CLI | Yes (safe) |
| CDX-005 | project_doc_max_bytes Exceeds Limit | HIGH | Codex CLI | No |
| CDX-006 | Invalid project_doc_fallback_filenames | HIGH | Codex CLI | No |
| CDX-CFG-001 | Invalid approval_policy Value | HIGH | Codex CLI | No |
| CDX-CFG-002 | Invalid sandbox_mode Value | HIGH | Codex CLI | No |
| CDX-CFG-003 | Invalid model_reasoning_effort Value | HIGH | Codex CLI | No |
| CDX-CFG-004 | Invalid model_verbosity Value | HIGH | Codex CLI | No |
| CDX-CFG-005 | Invalid personality Value | HIGH | Codex CLI | No |
| CDX-CFG-006 | Unknown Codex Config Field | MEDIUM | Codex CLI | No |
| CDX-CFG-007 | Danger Full Access Without Acknowledgment | HIGH | Codex CLI | No |
| CDX-CFG-008 | Invalid shell_environment_policy.inherit Value | HIGH | Codex CLI | No |
| CDX-CFG-009 | Invalid MCP Server Structure in Codex Config | HIGH | Codex CLI | No |
| CDX-CFG-010 | Hardcoded Secret in Codex Config | HIGH | Codex CLI | No |
| CDX-CFG-011 | Invalid Feature Flag Name | MEDIUM | Codex CLI | No |
| CDX-CFG-012 | Invalid cli_auth_credentials_store Value | HIGH | Codex CLI | No |
| CDX-CFG-013 | Invalid sandbox_workspace_write Mode | HIGH | Codex CLI | No |
| CDX-CFG-014 | Invalid model Value | MEDIUM | Codex CLI | No |
| CDX-CFG-015 | Invalid model_provider Value | HIGH | Codex CLI | No |
| CDX-CFG-016 | Invalid model_reasoning_summary Value | MEDIUM | Codex CLI | No |
| CDX-CFG-017 | Invalid history Configuration | MEDIUM | Codex CLI | No |
| CDX-CFG-018 | Invalid tui Configuration | MEDIUM | Codex CLI | No |
| CDX-CFG-019 | Invalid file_opener Value | MEDIUM | Codex CLI | No |
| CDX-CFG-020 | Invalid MCP OAuth Config | HIGH | Codex CLI | No |
| CDX-CFG-021 | Invalid model_context_window Value | MEDIUM | Codex CLI | No |
| CDX-CFG-022 | Invalid model_auto_compact_token_limit Value | MEDIUM | Codex CLI | No |
| CDX-AG-001 | Empty AGENTS.md for Codex | HIGH | Codex CLI | No |
| CDX-AG-002 | Secrets in AGENTS.md for Codex | HIGH | Codex CLI | No |
| CDX-AG-003 | Generic AGENTS.md Guidance for Codex | MEDIUM | Codex CLI | No |
| CDX-AG-004 | AGENTS.md Exceeds Size Limit | MEDIUM | Codex CLI | No |
| CDX-AG-005 | AGENTS.md References Missing File | MEDIUM | Codex CLI | No |
| CDX-AG-006 | AGENTS.md Missing Project Context | LOW | Codex CLI | No |
| CDX-AG-007 | AGENTS.md Contradicts config.toml | MEDIUM | Codex CLI | No |
| CDX-APP-001 | Invalid default_tools_approval_mode Value | HIGH | Codex CLI | No |
| CDX-APP-002 | Invalid skills Configuration | MEDIUM | Codex CLI | No |
| CDX-APP-003 | Invalid profile Configuration | MEDIUM | Codex CLI | No |
| CL-SK-001 | Cline Skill Uses Unsupported Field | MEDIUM | Cline Skills | Yes (safe/unsafe) |
| CLN-001 | Empty Cline Rules File | HIGH | Cline | No |
| CLN-002 | Invalid Paths Glob in Cline Rules | HIGH | Cline | No |
| CLN-003 | Unknown Frontmatter Key in Cline Rules | MEDIUM | Cline | Yes (unsafe) |
| CLN-004 | Scalar Paths in Cline Rules | HIGH | Cline | Yes (safe) |
| COP-001 | Empty Copilot Instruction File | HIGH | GitHub Copilot | No |
| COP-002 | Invalid Frontmatter in Scoped Instructions | HIGH | GitHub Copilot | Yes (unsafe) |
| COP-003 | Invalid Glob Pattern in applyTo | HIGH | GitHub Copilot | No |
| COP-004 | Unknown Frontmatter Keys | MEDIUM | GitHub Copilot | Yes (safe) |
| COP-005 | Invalid excludeAgent Value | HIGH | GitHub Copilot | Yes (unsafe) |
| COP-006 | File Length Limit | MEDIUM | GitHub Copilot | No |
| COP-007 | Custom Agent Missing Description | HIGH | GitHub Copilot | No |
| COP-008 | Custom Agent Unknown or Invalid Frontmatter Field | MEDIUM | GitHub Copilot | Yes (safe) |
| COP-009 | Custom Agent Invalid Target | HIGH | GitHub Copilot | Yes (unsafe) |
| COP-010 | Custom Agent infer Field Must Be Boolean | MEDIUM | GitHub Copilot | No |
| COP-011 | Custom Agent Prompt Body Exceeds Length Limit | HIGH | GitHub Copilot | No |
| COP-012 | Custom Agent Uses GitHub.com Unsupported Fields | MEDIUM | GitHub Copilot | Yes (safe) |
| COP-013 | Prompt File Empty Body | HIGH | GitHub Copilot | No |
| COP-014 | Prompt File Unknown Frontmatter Field | MEDIUM | GitHub Copilot | Yes (safe) |
| COP-015 | Prompt File Invalid Agent Mode | HIGH | GitHub Copilot | Yes (safe) |
| COP-017 | Copilot Hooks Schema Validation | HIGH | GitHub Copilot | No |
| COP-018 | Copilot Setup Steps Missing or Invalid copilot-setup-steps Job | HIGH | GitHub Copilot | No |
| CP-SK-001 | Copilot Skill Uses Unsupported Field | MEDIUM | Copilot Skills | Yes (safe/unsafe) |
| CR-SK-001 | Cursor Skill Uses Unsupported Field | MEDIUM | Cursor Skills | Yes (safe/unsafe) |
| CUR-001 | Empty Cursor Rule File | HIGH | Cursor | No |
| CUR-002 | Missing Frontmatter in .mdc File | MEDIUM | Cursor | Yes (unsafe) |
| CUR-003 | Invalid YAML Frontmatter | HIGH | Cursor | No |
| CUR-004 | Invalid Glob Pattern in globs Field | HIGH | Cursor | No |
| CUR-005 | Unknown Frontmatter Keys | MEDIUM | Cursor | Yes (safe) |
| CUR-006 | Legacy .cursorrules File Detected | MEDIUM | Cursor | No |
| CUR-007 | alwaysApply with Redundant globs | MEDIUM | Cursor | Yes (safe) |
| CUR-008 | Invalid alwaysApply Type | HIGH | Cursor | Yes (safe) |
| CUR-009 | Missing Description for Agent-Requested Rule | MEDIUM | Cursor | No |
| CUR-010 | Invalid Cursor Hooks Schema | HIGH | Cursor | No |
| CUR-011 | Unknown Cursor Hook Event Name | MEDIUM | Cursor | Yes (safe) |
| CUR-012 | Hook Entry Missing Required Command Field | HIGH | Cursor | No |
| CUR-013 | Invalid Cursor Hook Type Value | HIGH | Cursor | Yes (safe) |
| CUR-014 | Invalid Cursor Subagent Frontmatter | HIGH | Cursor | No |
| CUR-015 | Empty Cursor Subagent Body | MEDIUM | Cursor | No |
| CUR-016 | Invalid Cursor Environment Schema | HIGH | Cursor | No |
| CX-SK-001 | Codex Skill Uses Unsupported Field | MEDIUM | Codex Skills | Yes (safe/unsafe) |
| GM-001 | Invalid Markdown Structure in GEMINI.md | HIGH | Gemini CLI | Yes (safe) |
| GM-002 | Missing Section Headers in GEMINI.md | MEDIUM | Gemini CLI | No |
| GM-003 | Missing Project Context in GEMINI.md | MEDIUM | Gemini CLI | No |
| GM-004 | Invalid Hooks Configuration in Gemini Settings | MEDIUM | Gemini CLI | No |
| GM-005 | Invalid Extension Manifest | HIGH | Gemini CLI | No |
| GM-006 | Invalid .geminiignore File | LOW | Gemini CLI | No |
| GM-007 | @import File Not Found in GEMINI.md | MEDIUM | Gemini CLI | No |
| GM-008 | Invalid Context File Name Configuration | LOW | Gemini CLI | Yes (safe) |
| GM-009 | Settings.json Parse Error | HIGH | Gemini CLI | Yes (safe) |
| KIRO-001 | Invalid Steering File Inclusion Mode | HIGH | Kiro Steering | Yes (safe) |
| KIRO-002 | Missing Required Fields for Inclusion Mode | HIGH | Kiro Steering | No |
| KIRO-003 | Invalid fileMatchPattern Glob | MEDIUM | Kiro Steering | No |
| KIRO-004 | Empty Kiro Steering File | MEDIUM | Kiro Steering | No |
| KIRO-005 | Empty Steering Body After Frontmatter | MEDIUM | Kiro Steering | No |
| KIRO-006 | Secrets Detected in Steering File | HIGH | Kiro Steering | No |
| KIRO-007 | fileMatchPattern Without fileMatch Inclusion | MEDIUM | Kiro Steering | No |
| KIRO-008 | Unknown Kiro Steering Frontmatter Field | MEDIUM | Kiro Steering | No |
| KIRO-009 | Broken Inline File Reference in Steering | MEDIUM | Kiro Steering | No |
| KIRO-010 | Missing Inclusion Mode | MEDIUM | Kiro Steering | No |
| KIRO-011 | Steering Doc Excessively Long | LOW | Kiro Steering | No |
| KIRO-012 | Duplicate Steering Name | MEDIUM | Kiro Steering | No |
| KIRO-013 | Conflicting Inclusion Modes | MEDIUM | Kiro Steering | No |
| KIRO-014 | Markdown Structure Issues | LOW | Kiro Steering | No |
| KR-SK-001 | Kiro Skill Uses Unsupported Field | MEDIUM | Kiro Skills | Yes (safe/unsafe) |
| KR-AG-001 | Unknown Field in Kiro Agent JSON | MEDIUM | Kiro Agents | No |
| KR-AG-002 | Invalid Kiro Agent Resource Protocol | HIGH | Kiro Agents | No |
| KR-AG-003 | allowedTools Not Subset of tools | MEDIUM | Kiro Agents | No |
| KR-AG-004 | Invalid Kiro Agent Model Value | MEDIUM | Kiro Agents | No |
| KR-AG-005 | Kiro Agent Has No MCP Access | LOW | Kiro Agents | No |
| KR-AG-006 | Kiro Agent References Unknown Subagent | MEDIUM | Kiro Agents | No |
| KR-AG-007 | Kiro Agent Tool Scope Broader Than Referenced Subagent | MEDIUM | Kiro Agents | No |
| KR-AG-008 | Agent Missing Name | HIGH | Kiro Agents | No |
| KR-AG-009 | Agent Missing Prompt | HIGH | Kiro Agents | No |
| KR-AG-010 | Duplicate Tool Entries | MEDIUM | Kiro Agents | No |
| KR-AG-011 | Empty Tools Array | LOW | Kiro Agents | No |
| KR-AG-012 | toolAliases References Unknown Tool | MEDIUM | Kiro Agents | No |
| KR-AG-013 | Secrets in Agent Prompt | HIGH | Kiro Agents | No |
| KR-HK-001 | Invalid Kiro IDE Hook Event Type | HIGH | Kiro Hooks | No |
| KR-HK-002 | Kiro File Hook Missing Patterns | HIGH | Kiro Hooks | No |
| KR-HK-003 | Kiro IDE Hook Missing Action | HIGH | Kiro Hooks | No |
| KR-HK-004 | Kiro Tool Hook Missing toolTypes Filter | MEDIUM | Kiro Hooks | No |
| KR-HK-005 | Invalid Kiro CLI Hook Event Key | HIGH | Kiro Hooks | No |
| KR-HK-006 | Kiro CLI Hook Missing Command | HIGH | Kiro Hooks | No |
| KR-HK-007 | Hook Timeout Out of Range | MEDIUM | Kiro Hooks | No |
| KR-HK-008 | Duplicate Event Handlers | MEDIUM | Kiro Hooks | No |
| KR-HK-009 | Command Uses Absolute Path | MEDIUM | Kiro Hooks | No |
| KR-HK-010 | Secrets in Hook Command | HIGH | Kiro Hooks | No |
| KR-MCP-001 | Kiro MCP Server Missing command and url | HIGH | Kiro MCP | No |
| KR-MCP-002 | Hardcoded Secrets in Kiro MCP env | MEDIUM | Kiro MCP | No |
| KR-MCP-003 | Missing Required Args | MEDIUM | Kiro MCP | No |
| KR-MCP-004 | Invalid MCP URL | HIGH | Kiro MCP | No |
| KR-MCP-005 | Duplicate MCP Server Names | MEDIUM | Kiro MCP | No |
| KR-PW-001 | Missing Required POWER.md Frontmatter Fields | HIGH | Kiro Powers | No |
| KR-PW-002 | Empty POWER.md Keywords Array | MEDIUM | Kiro Powers | No |
| KR-PW-003 | Empty POWER.md Body | MEDIUM | Kiro Powers | No |
| KR-PW-004 | Invalid Adjacent Power mcp.json Structure | MEDIUM | Kiro Powers | No |
| KR-PW-005 | Step Missing Description | HIGH | Kiro Powers | No |
| KR-PW-006 | Duplicate Keywords | LOW | Kiro Powers | No |
| KR-PW-007 | Name Invalid Characters | MEDIUM | Kiro Powers | No |
| KR-PW-008 | Secrets in Power Body | HIGH | Kiro Powers | No |
| MCP-001 | Invalid JSON-RPC Version | HIGH | MCP | Yes (safe) |
| MCP-002 | Missing Required Tool Field | HIGH | MCP | No |
| MCP-003 | Invalid JSON Schema | HIGH | MCP | No |
| MCP-004 | Missing Tool Description | HIGH | MCP | No |
| MCP-005 | Tool Without User Consent | HIGH | MCP | No |
| MCP-006 | Untrusted Annotations | HIGH | MCP | No |
| MCP-007 | MCP Parse Error | HIGH | MCP | No |
| MCP-008 | Protocol Version Mismatch | MEDIUM | MCP | Yes (unsafe) |
| MCP-009 | Missing command for stdio server | HIGH | MCP | No |
| MCP-010 | Missing url for http/sse server | HIGH | MCP | No |
| MCP-011 | Invalid MCP server type | HIGH | MCP | Yes (unsafe) |
| MCP-012 | Deprecated SSE transport | HIGH | MCP | Yes (unsafe) |
| MCP-013 | Invalid Tool Name Format | HIGH | MCP | Yes (safe) |
| MCP-014 | Invalid outputSchema Definition | HIGH | MCP | No |
| MCP-015 | Missing Resource Required Fields | HIGH | MCP | No |
| MCP-016 | Missing Prompt Required Name | HIGH | MCP | No |
| MCP-017 | Non-HTTPS Remote HTTP Server URL | HIGH | MCP | Yes (safe) |
| MCP-018 | Potential Plaintext Secret in MCP Env | MEDIUM | MCP | No |
| MCP-019 | Potentially Dangerous Stdio Command | MEDIUM | MCP | No |
| MCP-020 | Unknown Capability Declaration Key | MEDIUM | MCP | No |
| MCP-021 | Wildcard HTTP Interface Binding | MEDIUM | MCP | Yes (safe) |
| MCP-022 | Invalid args Array Type | HIGH | MCP | No |
| MCP-023 | Duplicate MCP Server Names | HIGH | MCP | No |
| MCP-024 | Empty MCP Server Configuration | HIGH | MCP | No |
| OC-001 | Invalid Share Mode | HIGH | OpenCode | Yes (unsafe) |
| OC-002 | Invalid Instruction Path | HIGH | OpenCode | No |
| OC-003 | opencode.json Parse Error | HIGH | OpenCode | No |
| OC-004 | Unknown Config Key | MEDIUM | OpenCode | No |
| OC-006 | Remote URL in Instructions | LOW | OpenCode | No |
| OC-007 | Invalid Agent Definition | MEDIUM | OpenCode | No |
| OC-008 | Invalid Permission Config | HIGH | OpenCode | Yes (unsafe) |
| OC-009 | Invalid Variable Substitution | MEDIUM | OpenCode | No |
| OC-SK-001 | OpenCode Skill Uses Unsupported Field | MEDIUM | OpenCode Skills | Yes (safe/unsafe) |
| PE-001 | Lost in the Middle | MEDIUM | Prompt Engineering | No |
| PE-002 | Chain-of-Thought on Simple Task | MEDIUM | Prompt Engineering | No |
| PE-003 | Weak Imperative Language | MEDIUM | Prompt Engineering | Yes (unsafe) |
| PE-004 | Ambiguous Instructions | MEDIUM | Prompt Engineering | No |
| PE-005 | Redundant Generic Instructions | MEDIUM | Prompt Engineering | Yes (safe) |
| PE-006 | Negative-Only Instructions | MEDIUM | Prompt Engineering | No |
| RC-SK-001 | Roo Code Skill Uses Unsupported Field | MEDIUM | Roo Code Skills | Yes (safe/unsafe) |
| REF-001 | Import File Not Found | HIGH | References | No |
| REF-002 | Broken Markdown Link | HIGH | References | No |
| REF-003 | Duplicate Import | MEDIUM | References | Yes (safe) |
| REF-004 | Non-Markdown Import | MEDIUM | References | No |
| ROO-001 | Empty Roo Code Rule File | HIGH | Roo Code | No |
| ROO-002 | Invalid .roomodes Configuration | HIGH | Roo Code | No |
| ROO-003 | Invalid .rooignore File | MEDIUM | Roo Code | No |
| ROO-004 | Invalid Mode Slug in Rule Directory | MEDIUM | Roo Code | No |
| ROO-005 | Invalid .roo/mcp.json Configuration | HIGH | Roo Code | No |
| ROO-006 | Mode Slug Not Recognized | MEDIUM | Roo Code | No |
| VER-001 | No Tool/Spec Versions Pinned | LOW | Version Awareness | No |
| WS-001 | Empty Windsurf Rule File | MEDIUM | windsurf | No |
| WS-002 | Windsurf Rule File Exceeds Character Limit | HIGH | windsurf | No |
| WS-003 | Empty or Oversized Windsurf Workflow File | MEDIUM | windsurf | No |
| WS-004 | Legacy .windsurfrules File Detected | LOW | windsurf | No |
| WS-SK-001 | Windsurf Skill Uses Unsupported Field | MEDIUM | Windsurf Skills | Yes (safe/unsafe) |
| XML-001 | Unclosed XML Tag | HIGH | XML | Yes (unsafe) |
| XML-002 | Mismatched Closing Tag | HIGH | XML | Yes (unsafe) |
| XML-003 | Unmatched Closing Tag | HIGH | XML | Yes (unsafe) |
| XP-001 | Platform-Specific Feature in Generic Config | HIGH | Cross-Platform | No |
| XP-002 | AGENTS.md Platform Compatibility | MEDIUM | Cross-Platform | No |
| XP-003 | Hard-Coded Platform Paths | MEDIUM | Cross-Platform | No |
| XP-004 | Conflicting Build/Test Commands | MEDIUM | Cross-Platform | No |
| XP-005 | Conflicting Tool Constraints | HIGH | Cross-Platform | No |
| XP-006 | Multiple Layers Without Documented Precedence | MEDIUM | Cross-Platform | No |
| XP-007 | AGENTS.md Exceeds Codex Byte Limit | MEDIUM | Cross-Platform | No |
| XP-008 | Claude-specific Features in CLAUDE.md for Cursor | MEDIUM | Cross-Platform | No |
| XP-SK-001 | Skill Uses Client-Specific Features | LOW | Cross-Platform | No |
| OC-CFG-001 | Invalid Model Format | HIGH | OpenCode | No |
| OC-CFG-002 | Invalid autoupdate value | HIGH | OpenCode | No |
| OC-CFG-003 | Unknown Top-level Config Field | MEDIUM | OpenCode | No |
| OC-CFG-004 | Invalid Default Agent | MEDIUM | OpenCode | No |
| OC-CFG-005 | Hardcoded API Key | HIGH | OpenCode | No |
| OC-CFG-006 | Invalid MCP Server Structure | HIGH | OpenCode | No |
| OC-CFG-007 | MCP Server Missing Command or URL | HIGH | OpenCode | No |
| OC-AG-001 | Invalid Agent Mode Value | HIGH | OpenCode | No |
| OC-AG-002 | Invalid Color Format | HIGH | OpenCode | No |
| OC-AG-003 | Temperature Out of Range | HIGH | OpenCode | No |
| OC-AG-004 | Steps Not a Positive Integer | HIGH | OpenCode | No |
| OC-PM-001 | Invalid Permission Action | HIGH | OpenCode | No |
| OC-PM-002 | Unknown Permission Key | MEDIUM | OpenCode | No |
| OC-AGM-001 | Empty AGENTS.md | HIGH | OpenCode | No |
| OC-AGM-002 | Secrets in AGENTS.md | HIGH | OpenCode | No |
| OC-DEP-001 | Deprecated mode Field | MEDIUM | OpenCode | Yes (safe) |
| OC-DEP-002 | Deprecated tools Field | MEDIUM | OpenCode | Yes (safe) |
| OC-DEP-003 | Deprecated autoshare Field | MEDIUM | OpenCode | Yes (safe) |
| OC-DEP-004 | Deprecated CONTEXT.md Filename | MEDIUM | OpenCode | No |
| OC-CFG-008 | Invalid Log Level | HIGH | OpenCode | Yes (unsafe) |
| OC-CFG-009 | Invalid Compaction Reserved | HIGH | OpenCode | No |
| OC-CFG-010 | Invalid Skills URL | HIGH | OpenCode | No |
| OC-CFG-011 | Invalid MCP Timeout | HIGH | OpenCode | No |
| OC-CFG-012 | Invalid MCP OAuth Config | HIGH | OpenCode | No |
| OC-AG-005 | top_p Out of Range | HIGH | OpenCode | No |
| OC-AG-006 | Invalid Named Color | MEDIUM | OpenCode | Yes (unsafe) |
| OC-AG-007 | Redundant steps and maxSteps | MEDIUM | OpenCode | No |
| OC-AG-008 | Invalid hidden Type | HIGH | OpenCode | No |
| OC-LSP-001 | LSP Command Without Extensions | MEDIUM | OpenCode | No |
| OC-LSP-002 | Invalid LSP Extensions | HIGH | OpenCode | No |
| OC-TUI-001 | Unknown TUI Key | MEDIUM | OpenCode | No |
| OC-TUI-002 | Invalid scroll_speed | HIGH | OpenCode | No |
| OC-TUI-003 | Invalid diff_style | HIGH | OpenCode | Yes (unsafe) |