dependency-audit
Audited by Socket on Mar 7, 2026
1 alert found:
Obfuscated File

The Dependency Audit skill presents a coherent, purpose-aligned tool for evaluating risk across licenses, maintenance, security, and bloat in dependency trees. It relies on standard, defensible data sources (declared dependencies, lock files, known CVE databases) and outputs a prioritized remediation plan. No explicit credential requirements or dangerous data flows are evident in the described workflow. The primary security considerations center on external CVE data access and any optional network calls: advisory lookups that leave the machine should require explicit user consent and a clear data-handling policy for what is sent (package names and versions at minimum). The one alert, an obfuscated file, is not addressed by the described workflow and should be inspected manually before the skill is installed, since minified or obfuscated code can carry behaviour the declared purpose does not account for. Overall, the footprint is benign and proportionate to the stated purpose, with moderate security risk tied primarily to external advisory lookups rather than credential exposure or file-system hoarding.
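The workflow summarized above (lock file in, findings across security, license, maintenance and bloat out, ranked into a remediation plan) can be made concrete with a small offline auditor. The following is an added example written for this page; it is not the skill's own code and does not reproduce its logic. The lock file is a constructed package-lock.json-style document, the advisory entries use hypothetical identifiers (ADV-0001, ADV-0002) rather than real CVEs, and the per-package metadata (days since last release, unpacked size) is a constructed stand-in for what a registry lookup would return. It performs no network calls at all, which is the consent-preserving default the summary asks for: advisory data is supplied by the caller, so any remote fetch is an explicit decision made outside the audit.

```python
"""Offline dependency audit: lock file + caller-supplied advisories -> ranked plan."""
import json
import re

# Constructed sample lock file in package-lock.json v3 layout (not a real project).
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0", "license": "MIT"},
        "node_modules/left-lib": {"version": "1.2.3", "license": "MIT"},
        "node_modules/gpl-widget": {"version": "0.9.0", "license": "GPL-3.0"},
        "node_modules/big-util": {"version": "4.0.1", "license": "MIT"},
        "node_modules/tiny-unmaintained": {"version": "2.0.0", "license": "ISC"},
        "node_modules/no-license-pkg": {"version": "3.1.0"},
    },
})

# Constructed advisories with hypothetical IDs (placeholders, not real CVEs).
# "below" is the first fixed version: versions strictly lower are affected.
SAMPLE_ADVISORIES = [
    {"id": "ADV-0001", "name": "left-lib", "below": "1.3.0", "severity": "high"},
    {"id": "ADV-0002", "name": "big-util", "below": "4.0.0", "severity": "critical"},
]

# Constructed stand-in for registry metadata a real tool would fetch (with consent).
SAMPLE_METADATA = {
    "tiny-unmaintained": {"days_since_release": 1500, "unpacked_size_kb": 40},
    "big-util": {"days_since_release": 30, "unpacked_size_kb": 5000},
}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
ALLOWED_LICENSES = {"MIT", "ISC", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"}


def parse_version(version):
    """Turn '1.2.3-beta' into (1, 2, 3); tuples compare numerically per component."""
    core = re.match(r"\d+(\.\d+)*", version).group(0)
    return tuple(int(part) for part in core.split("."))


def audit(lock_text, advisories, metadata, allowed_licenses=ALLOWED_LICENSES,
          max_days_since_release=730, max_size_kb=2000):
    """Return findings sorted by severity then package name (the remediation plan)."""
    lock = json.loads(lock_text)
    findings = []

    def add(package, category, severity, action):
        findings.append({"package": package, "category": category,
                         "severity": severity, "action": action})

    for path, entry in lock.get("packages", {}).items():
        if path == "":
            continue  # root project entry, not a dependency
        name = path.rsplit("node_modules/", 1)[-1]
        version = entry["version"]

        # Security: affected when installed version is below the first fixed version.
        for adv in advisories:
            if adv["name"] == name and parse_version(version) < parse_version(adv["below"]):
                add(name, "security", adv["severity"],
                    f"upgrade {name} {version} to >= {adv['below']} ({adv['id']})")

        # License: anything outside the allowlist needs review; missing data is worse.
        license_id = entry.get("license", "UNKNOWN")
        if license_id not in allowed_licenses:
            severity = "high" if license_id == "UNKNOWN" else "medium"
            add(name, "license", severity, f"review {license_id} license of {name}")

        # Maintenance and bloat use the caller-supplied metadata only.
        meta = metadata.get(name, {})
        if meta.get("days_since_release", 0) > max_days_since_release:
            add(name, "maintenance", "medium",
                f"{name} last released {meta['days_since_release']} days ago; find an alternative")
        if meta.get("unpacked_size_kb", 0) > max_size_kb:
            add(name, "bloat", "low",
                f"{name} is {meta['unpacked_size_kb']} KB unpacked; check it is needed")

    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["package"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOCK, SAMPLE_ADVISORIES, SAMPLE_METADATA):
        print(f"[{finding['severity']:<8}] {finding['category']:<11} {finding['action']}")
```

On the sample data the plan lists left-lib (affected by ADV-0001) and the unlicensed package first, then the copyleft and stale packages, and the oversized one last; big-util is not flagged for ADV-0002 because 4.0.1 is at or above the fixed version, which is the comparison a naive string match would get wrong.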