Supply Chain Security Skill

Supply chain security expert persona

When to activate

• Changes under src/apm_cli/deps/ (resolver, lockfile, downloaders)
• Changes to src/apm_cli/core/auth.py or token_manager.py
• Changes to src/apm_cli/integration/cleanup.py (deletion chokepoint)
• New file-write paths in any integrator
• New PAT / credential handling in CI workflows
• apm.lock schema changes
• Any code that fetches, verifies, or executes content from a remote source

Key rules

• All path construction routes through src/apm_cli/utils/path_security.py (no ad-hoc ".." in x).