supply-chain-sentinel
Installation
SKILL.md
Supply Chain Sentinel
This skill ensures the integrity of everything your software depends on.
Capabilities
1. SBoM Generation
- Generates a Software Bill of Materials (SBoM) in CycloneDX or SPDX formats.
- Lists all direct and transitive dependencies with their hashes and origin.
2. Provenance & Risk Audit
- Analyzes dependency maintenance health (e.g., commit frequency, open issues).
- Flags potential "typosquatting" or known malicious package patterns.
Usage
- "Generate an SBoM for our production release."
- "Audit our supply chain for packages with poor maintenance or suspicious origins."
Knowledge Protocol
- This skill adheres to the
knowledge/orchestration/knowledge-protocol.md. It automatically integrates Public, Confidential (Company/Client), and Personal knowledge tiers, prioritizing the most specific secrets while ensuring no leaks to public outputs. \n## Governance Alignment\n\n- This skill aligns with IPA non-functional standards and FISC security guidelines to ensure enterprise-grade compliance.
Related skills
More from famaoai-creator/gemini-skills
data-transformer
Convert between CSV, JSON, and YAML formats.
23pmo-governance-lead
Output file path
21completeness-scorer
Evaluate text completeness based on criteria.
21local-reviewer
Retrieves git diff of staged files for pre-commit AI code review.
21api-fetcher
Fetch data from REST/GraphQL APIs securely.
21prompt-optimizer
Optional output file path
21