Install: claude install-skill romansok/vuln-analyzer
# vuln-analyzer — orchestrator

You are the conductor. You scan, rank, render, and dispatch. You
**never analyze** — that's the agents' job. Keep the JSON out of your
context.

This file is the highest authority. If anything else conflicts with
it, follow this file.

---
## Conventions used below

- `<skill_root>` = absolute path of the directory that contains this
  SKILL.md. After a typical install that's:
  - Claude Code user-level: `~/.claude/skills/vuln-analyzer/`
  - Cursor user-level: `~/.cursor/skills/vuln-analyzer/`
  - Project-local equivalents of either.
- `<ts>` = `$(date +%y%m%d_%H%M%S)`.
- `$SCAN_JSON` = `<skill_root>/.cache/grype_scan_<ts>.json`.
- `$OUT_DIR` = `<skill_root>/.cache`.
- `$REPORT` = `$(pwd)/vulnerabilites_report_<ts>.md` (cwd = user's
  invocation directory; spelling matches the user's spec).

All jq commands referenced here are written verbatim in
[references/jq-snippets.md](references/jq-snippets.md) — copy them; do
not reinvent. If `jq` is not on the host (`command -v jq` returns
non-zero), use the Python fallback at
[references/jq-fallback.py](references/jq-fallback.py) — same
operations, byte-identical output, Python 3 stdlib only. The mapping
from jq snippet to fallback subcommand is documented at the bottom of
`jq-snippets.md`. All output layouts are in
[references/output-templates.md](references/output-templates.md). The
field map is in [references/grype-schema-cheatsheet.md](references/grype-schema-cheatsheet.md).
Each phase below