---
name: oy-audit
description: oy audit, security audit, ISSUES.md, SARIF. Use when the user asks for a repository security audit.
---
# oy Audit
Use the oy-auditor agent. Its opencode permissions allow only deterministic oy audit input/report tools, including reading existing ISSUES.md so the new report can carry forward still-current findings and supersede stale ones. Write findings to ISSUES.md by default. The report renderer owns the generated transparency line; pass output/format/focus/max-chunks/model context to it when known.