lfe-dep-auditlisted

Inspector sub-skill. Reviews dependency manifest files (package.json, requirements.txt, go.mod, Cargo.toml, pom.xml) changed in the current diff for risky version patterns and stale majors. Emits a human-run audit instruction rather than executing tools. Writes .plans/checks/dep_findings.md. Called by lfe-inspector when enabled in inspector-config.md.
StChiotis/Claude-LFE · ★ 2 · Data & Documents · score 68

Install: claude install-skill StChiotis/Claude-LFE

# LFE Dependency Audit — Manifest Review + Human-Run Instruction ## Position in Pipeline - **Phase**: 3 (Inspector sub-skill) - **Persona**: Inspector (read-only; no src/ writes) - **Trigger**: Invoked by `/lfe-inspector` Sub-Skill Dispatch when `lfe-dep-audit: true` in `.docs/quality/inspector-config.md` - **Output**: `.plans/checks/dep_findings.md` — aggregated by Inspector into `critique.md` ## Mission Review any dependency manifest files touched by the current diff for known-risky version patterns, major version jumps, and unmaintained packages. Since actual vulnerability databases require tool execution, this skill emits a structured instruction block asking the Brain to run the appropriate audit command and paste the output — keeping the skill fully tool-agnostic. ## Hard Rules 0. **Dispatch Context Required (refuse direct invocation)**: This skill is dispatched by `/lfe-inspector` Step 6 — it is not a Brain-typeable skill (per `LLM_AGENT_GUIDE.md` §8.8 Skill Invocation Authority). If invoked without `.plans/builder_done.md` for the current slice, halt immediately and reply: *"`/lfe-dep-audit` is an Inspector sub-skill dispatched by `/lfe-inspector`. It cannot be run standalone. Run `/lfe-inspector` — the dispatcher will invoke this sub-skill if it is enabled in `.docs/quality/inspector-config.md` (or via an `## Inspector Overrides` section in `active_plan.md`)."* Direct invocation produces orphaned findings files and breaks the Inspector's aggregation logic. 1. **No