Date: 2026-05-25 Importance: High Status: Audit delivered (done); proposed rewrites pending Sam approval.
Sam asked, with the prompt-engineer skill loaded, for an audit of his most-used skills and the ones hardest to execute efficiently, with feedback on the prompts. He chose two scoping options: derive the skill set from Notion session history, and deliver feedback with proposed rewrites only (no on-disk changes).
Pulled the SAIL Knowledge Base session exports to rank skills by usage and by how often they get blocked/retried/corrected. Selected 7: notion-session-export, wp-content-deployer, pre-publish-qa, google-ads-optimizer, google-ads-daily-negatives, screaming-frog-crawl, screaming-frog-ingest. Read all 7 SKILL.md files (the Cowork plugin copies) and audited them against prompt-engineering principles.
Deliverable: /Users/samaguiar/Projects/SKILL-PROMPT-AUDIT-2026-05-25.md — full report with per-skill findings, severity ratings, and ready-to-paste rewritten prompt sections.
Severity totals: 3 Critical, 14 High, 17 Medium, 6 Low.
Critical:
wp-content-deployer carries the live WordPress app password in plaintext, twice, and tells agents to use it directly. google-ads-daily-negatives carries the Pipedream secret/client ID and the Google Ads developer token in plaintext. These files sync to the sail-skills GitHub repo. Treat as exposed; rotate.google-ads-optimizer line 19 sources the vault from /sessions/keen-modest-goodall/..., a dead past-session mount. Broken on every run.google-ads-daily-negatives also has a duplicate YAML frontmatter block.Cross-cutting patterns: machine-pinned and session-pinned local paths; duplicated config that has already drifted (banned-words list differs between notion-session-export and pre-publish-qa); internal contradictions (wp-content-deployer www vs no-www URL; screaming-frog over_60 filename vs generic Over X Characters filter); stale model string claude-sonnet-4-5-20250929 in notion-session-export; a screaming-frog QA block that stalls if an external file is missing; deterministic checks done as prose instead of a validator script; inconsistent versioning.
notion-session-export also conflicts with Sam's own ~5,000-char export cap (it says "do not summarize, document") and calls the database "Claude Knowledge Base" when it is "SAIL Knowledge Base."
Work complete. Audit delivered as requested. Session reached its natural end; no context pressure. Ended for self-audit and this export.