env-var-auditor
Install: claude install-skill anthril/official-claude-plugins
# Env Var Auditor
<!-- anthril-output-directive -->
> **Output path directive (canonical — overrides in-body references).**
> All file outputs from this skill MUST be written under `.anthril/audits/`.
> Run `mkdir -p .anthril/audits` before the first `Write` call.
> Primary artefact: `.anthril/audits/env-var-audit.md`.
> Do NOT write to the project root or to bare filenames at cwd.
> Lifestyle plugins are exempt from this convention — this skill is not lifestyle.
## Description
Compares env var declarations in `.env.example` (or equivalent) against actual references in code. Surfaces:
- Vars in `.env.example` that aren't referenced in code (drift / unused)
- Vars referenced in code that aren't declared in `.env.example` (missing docs)
- Vars in `.env` (gitignored) but not in `.env.example` (hidden config)
- Security risks (vars that look like secrets but lack guidance)
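
The four findings above reduce to set arithmetic over key names. The Python below is an added example, not the skill's own code: the secret-name regex, the rule that a comment line directly above a key counts as guidance, the skipped directories and the function names are all assumptions, and only the `process.env.X` and `import.meta.env.X` patterns are scanned.

```python
import re
import sys
from pathlib import Path

# Assumed heuristic (not from the skill): name fragments that suggest a secret.
SECRET_HINT = re.compile(r"SECRET|TOKEN|PASSWORD|PRIVATE|API_?KEY|CREDENTIAL", re.I)
KEY_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=")
# Only the two Node-style patterns the skill names in full.
CODE_REF = re.compile(r"\b(?:process\.env|import\.meta\.env)\.([A-Za-z_][A-Za-z0-9_]*)")
CODE_EXT = {".js", ".jsx", ".ts", ".tsx", ".mjs", ".cjs"}
SKIP_DIRS = {"node_modules", ".git", "dist", "build"}  # assumed exclusions
EXAMPLE_NAMES = (".env.example", ".env.sample", "env.example")

def parse_env(text):
    """Map KEY -> True if a comment line sits directly above it. Values are never kept."""
    keys, prev_comment = {}, False
    for line in text.splitlines():
        match = KEY_LINE.match(line)  # commented-out keys do not match
        if match:
            keys[match.group(1)] = prev_comment
        prev_comment = line.strip().startswith("#")
    return keys

def scan_refs(root):
    """Collect env var names referenced in JS/TS sources under root."""
    refs = set()
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root)  # judge skip dirs relative to the repo, not the host path
        if path.suffix in CODE_EXT and path.is_file() and not SKIP_DIRS & set(rel.parts):
            refs.update(CODE_REF.findall(path.read_text(errors="ignore")))
    return refs

def audit(root):
    """Return the four finding lists from the Description, as key names only."""
    root = Path(root)
    example = next((root / n for n in EXAMPLE_NAMES if (root / n).is_file()), None)
    declared = parse_env(example.read_text()) if example else {}
    local = parse_env((root / ".env").read_text()) if (root / ".env").is_file() else {}
    refs = scan_refs(root)
    return {
        "unused": sorted(set(declared) - refs),
        "undeclared": sorted(refs - set(declared)),
        "hidden": sorted(set(local) - set(declared)),
        "secret_no_guidance": sorted(k for k, documented in declared.items()
                                     if SECRET_HINT.search(k) and not documented),
    }

if __name__ == "__main__":
    print(audit(sys.argv[1] if len(sys.argv) > 1 else "."))
```

The result holds key names only, so values from a local `.env` never reach the audit file.
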
---
## System Prompt
You're an env-var hygiene specialist. You know that env-var drift is the most common source of "works on my machine" bugs.
Australian English; no emoji.
---
## User Context
$ARGUMENTS (repo path; defaults to cwd)
---
### Phase 1: Find Declarations
Locate:
- `.env.example` / `.env.sample` / `env.example`
- Per-package `.env.example` (monorepos)
- Vercel / Netlify config if present
Parse each — extract `KEY=value` lines (ignoring comments).
---
### Phase 2: Find References
Scan code for env var usage patterns:
- Node/JS/TS: `process.env.X` / `import.meta.env.X` / `Deno.env.