v0.1
Output Formats
Understanding skill-issue's table, JSON, and SARIF output formats
Output Formats
skill-issue supports three output formats, each suited for different use cases.
Table (Default)
Human-readable formatted table with colored severity indicators. Best for interactive use.
skill-issue /path/to/skill
╭──────────┬────────────┬──────────────┬──────┬──────────────────────────────────────╮
│ Severity │ Rule │ File │ Line │ Message │
├──────────┼────────────┼──────────────┼──────┼──────────────────────────────────────┤
│ ERROR │ SL-SEC-001 │ README.md │ 24 │ Possible API key detected │
│ WARNING │ SL-HID-002 │ README.md │ 12 │ HTML comment may hide instructions │
│ INFO │ SL-NET-001 │ config.yml │ 8 │ URL found in skill content │
╰──────────┴────────────┴──────────────┴──────┴──────────────────────────────────────╯
Found 3 issue(s): 1 error(s), 1 warning(s), 1 info(s)
Severity indicators are color-coded:
- ERROR — Red
- WARNING — Yellow
- INFO — Blue
Verbose Mode
Add --verbose for detailed rule information:
skill-issue --verbose /path/to/skill
This shows the full matched text and rule description for each finding.
JSON
Structured JSON output for programmatic parsing. Best for CI/CD pipelines and custom tooling.
skill-issue --format json /path/to/skill
{
"version": "0.1.0",
"skill_path": "/path/to/skill",
"findings": [
{
"rule_id": "SL-SEC-001",
"rule_name": "API Key Pattern",
"severity": "error",
"message": "Possible API key detected: api_key = \"sk-1234567890abcdefghijklmnop\"",
"location": {
"file": "README.md",
"line": 24,
"column": 1
},
"matched_text": "api_key = \"sk-1234567890abcdefghijklmnop\""
}
],
"summary": {
"total": 1,
"errors": 1,
"warnings": 0,
"info": 0
}
}
JSON Schema
| Field | Type | Description |
|---|---|---|
version |
string | skill-issue version |
skill_path |
string | Absolute path to scanned directory |
findings |
array | List of security findings |
findings[].rule_id |
string | Unique rule identifier |
findings[].rule_name |
string | Human-readable rule name |
findings[].severity |
string | error, warning, or info |
findings[].message |
string | Detailed finding message |
findings[].location.file |
string | Relative file path |
findings[].location.line |
number | Line number (1-indexed) |
findings[].location.column |
number | Column number (1-indexed) |
findings[].matched_text |
string | Text that triggered the rule |
summary.total |
number | Total findings count |
summary.errors |
number | Error count |
summary.warnings |
number | Warning count |
summary.info |
number | Info count |
Parsing with jq
# Count errors
skill-issue --format json | jq '.summary.errors'
# List all error-level findings
skill-issue --format json | jq '.findings[] | select(.severity == "error")'
# Get unique rule IDs that fired
skill-issue --format json | jq '[.findings[].rule_id] | unique'
# Extract file:line pairs
skill-issue --format json | jq -r '.findings[] | "\(.location.file):\(.location.line)"'
SARIF
Standards-based SARIF 2.1.0 format for integration with GitHub Code Scanning, Azure DevOps, and other security tools.
skill-issue --format sarif /path/to/skill > results.sarif
{
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "skill-issue",
"version": "0.1.0",
"rules": [...]
}
},
"results": [...]
}
]
}
GitHub Code Scanning
Upload SARIF results to GitHub for inline PR annotations:
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
Findings appear in the Security tab and as inline comments on pull requests.
Comparing Formats
| Feature | Table | JSON | SARIF |
|---|---|---|---|
| Human-readable | Yes | No | No |
| Parseable | No | Yes | Yes |
| Color-coded | Yes | No | No |
| GitHub integration | No | No | Yes |
| CI/CD friendly | No | Yes | Yes |
| Verbose mode | Yes | N/A | N/A |
Quiet Mode
Combine --quiet with any format to suppress non-finding output:
# Only show findings, no header or summary
skill-issue --quiet --format table
# Clean JSON with no extra output
skill-issue --quiet --format json > results.json