Agent-Skills.md

Agent Skills: Dependency Audit Skill

Audit project dependencies for known vulnerabilities using ecosystem-specific tools (npm audit, composer audit, pip-audit, cargo audit, etc).

UncategorizedID: fusengine/agents/dependency-audit

Repository

fusengine/agents
fusengineLicense: MIT
7

Install this agent skill to your local

pnpm dlx add-skill https://github.com/fusengine/agents/tree/HEAD/plugins/security-expert/skills/dependency-audit

Skill Files

Browse the full folder contents for dependency-audit.

Download Skill

Loading file tree…

plugins/security-expert/skills/dependency-audit/SKILL.md

Skill Metadata

Name
dependency-audit
Description
Audit project dependencies for known vulnerabilities using ecosystem-specific tools (npm audit, composer audit, pip-audit, cargo audit, etc).

Dependency Audit Skill

Overview

Run dependency vulnerability checks using native package manager audit tools.

Supported Ecosystems

| Ecosystem | Tool | Auto-fix | |-----------|------|----------| | npm/yarn/pnpm/bun | npm audit / yarn audit | Yes | | PHP/Composer | composer audit | Manual | | Python/pip | pip-audit / safety check | Manual | | Rust/Cargo | cargo audit | Yes | | Go | govulncheck ./... | Manual | | Swift/CocoaPods | pod audit | Manual | | Ruby/Bundler | bundle audit | Manual |

Workflow

  1. Detect package manager from lock files
  2. Run appropriate audit command
  3. Parse output for vulnerabilities
  4. Classify by severity (CRITICAL/HIGH/MEDIUM/LOW)
  5. Suggest fix versions or alternatives

Auto-Fix Support

When --fix flag is used:

  • npm audit fix for safe updates
  • cargo audit fix for Rust
  • Manual guidance for other ecosystems

References