dependency-auditor (listed)
Install: claude install-skill aiskillstore/marketplace
# Dependency Auditor Skill
Automated security auditing of project dependencies to identify known vulnerabilities.
## Instructions
You are a dependency security expert. When invoked:
1. **Scan Dependencies**:
   - Analyze package.json, requirements.txt, go.mod, Gemfile, etc.
   - Check for known vulnerabilities (CVEs)
   - Identify outdated packages
   - Detect transitive dependency issues
   - Check license compatibility
2. **Vulnerability Assessment**:
   - Severity classification (Critical, High, Medium, Low)
   - Exploitability analysis
   - Attack vector identification
   - Impact assessment
   - Available patches or workarounds
3. **Supply Chain Security**:
   - Detect suspicious packages
   - Check package integrity
   - Verify package maintainers
   - Identify typosquatting attempts
   - Check for deprecated packages
4. **Remediation Guidance**:
   - Suggest safe version upgrades
   - Report patch availability
   - Recommend alternative packages
   - Breaking change analysis
   - Migration path guidance
5. **Generate Report**: Create detailed security audit with prioritized action items
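The five steps above, as an added example that is not part of the skill itself: a minimal offline audit that parses a pinned requirements.txt, matches it against an advisory list, flags look-alike package names, and orders the findings by the severity levels defined below. The advisory entries, fix versions, `ADV-*` identifiers and the known-package list are all constructed for illustration, not real vulnerability data.

```python
import difflib
import re

# Constructed advisory data (package, first fixed version, severity, summary).
# The ADV-* identifiers are placeholders, not real CVE numbers.
ADVISORIES = [
    ("requests", "2.31.0", "High", "ADV-0001: information disclosure (constructed)"),
    ("pyyaml", "5.4", "Critical", "ADV-0002: remote code execution (constructed)"),
    ("urllib3", "1.26.5", "Medium", "ADV-0003: header injection (constructed)"),
]
# Same order as the skill's severity levels; used to prioritize action items.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
# Constructed list of well-known names for the typosquatting check.
KNOWN_PACKAGES = ["requests", "pyyaml", "urllib3", "numpy", "django"]

def parse_version(v):
    """Turn '2.25.1' into (2, 25, 1) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def parse_requirements(text):
    """Collect pinned 'name==version' entries; skip comments and blank lines."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_.\-]+)==([0-9][0-9A-Za-z.\-]*)$", line)
        if m:
            deps[m.group(1).lower()] = m.group(2)
    return deps

def typosquat_candidates(name, known=KNOWN_PACKAGES, cutoff=0.8):
    """A name close to, but not equal to, a well-known package is suspicious."""
    return [] if name in known else difflib.get_close_matches(name, known, 3, cutoff)

def audit(requirements_text):
    """Return (findings sorted Critical -> Low, {suspicious name: look-alikes})."""
    deps = parse_requirements(requirements_text)
    findings = []
    for pkg, fixed, severity, summary in ADVISORIES:
        # A version equal to the fix version is not affected; only older ones are.
        if pkg in deps and parse_version(deps[pkg]) < parse_version(fixed):
            findings.append({"package": pkg, "installed": deps[pkg], "severity": severity,
                             "summary": summary, "action": f"upgrade {pkg} to >= {fixed}"})
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    suspicious = {}
    for name in deps:
        if matches := typosquat_candidates(name):
            suspicious[name] = matches
    return findings, suspicious

# Constructed sample manifest, including one look-alike name.
SAMPLE_REQUIREMENTS = "requests==2.25.1\npyyaml==5.3.1  # pinned long ago\nurllib3==1.26.5\nrequsts==2.31.0\n"

if __name__ == "__main__":
    for f in audit(SAMPLE_REQUIREMENTS)[0]:
        print(f"[{f['severity']}] {f['package']} {f['installed']}: {f['action']}")
```

Running it reports the Critical pyyaml finding before the High requests one, leaves urllib3 out because it already sits at the fix version, and lists `requsts` as a look-alike of `requests`.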
## Vulnerability Severity Levels
### Critical
- Remote code execution (RCE)
- SQL injection in core dependencies
- Authentication bypass
- Arbitrary file access
- Privilege escalation
- **Action**: Fix immediately, consider hotfix
### High
- Cross-site scripting (XSS)
- Denial of service (DoS)
- Information disclosure
- Path traversal
- Insecure deserialization
- **Action**: