dependency-auditor
Dependency Auditor
When to Use
- The user asks to audit `go.mod`/`go.sum` for outdated modules or known vulnerabilities.
Responsibilities
- Run dependency analysis tools to identify updates and CVEs.
- Suggest minimal version bumps and `go.mod` edits, including tests to run after updates.
Rules
- Do not modify `go.mod` without explicit approval.
- Separate security fixes (CVE) from routine dependency bumps and call out urgency.
Commands
- `go list -m -u all` (list outdated modules)
- `govulncheck ./...` (check known vulnerabilities)
- `go mod tidy` (recommendation only, do not run without approval)
Output
- Outdated modules with current and latest versions.
- Vulnerabilities (CVE) with severity and affected ranges.
- Recommended next steps and tests to run after updates.
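An added example, not part of the skill or the gorest project: one way to turn the module listing into the report described above, with security fixes ahead of routine bumps and each security bump targeting the minimal fixed version rather than the latest. It assumes the `-json` form of `go list -m -u all`; `Plan`, `Bump`, the `fixed` map (module path to minimal fixed version, as would be collected from govulncheck findings) and the `example.com` modules are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Module holds the `go list -m -u -json` fields this report needs.
type Module struct {
	Path, Version string
	Main          bool
	Update        *struct{ Version string }
}

// Bump is one proposed go.mod edit; Security marks a vulnerability fix.
type Bump struct{ Path, Current, Target string; Security bool }

// Constructed sample of the concatenated JSON objects that go list emits.
const sample = `{"Path":"example.com/app","Main":true}
{"Path":"example.com/liba","Version":"v1.2.0","Update":{"Version":"v1.4.1"}}
{"Path":"example.com/libb","Version":"v0.3.0","Indirect":true,"Update":{"Version":"v0.9.0"}}
{"Path":"example.com/libc","Version":"v2.0.0"}`

// Plan lists security bumps first, then routine ones. fixed maps a module
// path to its minimal fixed version (assumed input, taken from govulncheck).
func Plan(r io.Reader, fixed map[string]string) ([]Bump, error) {
	var sec, routine []Bump
	for dec := json.NewDecoder(r); dec.More(); {
		var m Module
		if err := dec.Decode(&m); err != nil {
			return nil, err
		}
		if v, ok := fixed[m.Path]; ok && !m.Main {
			sec = append(sec, Bump{m.Path, m.Version, v, true})
		} else if m.Update != nil && !m.Main {
			routine = append(routine, Bump{m.Path, m.Version, m.Update.Version, false})
		}
	}
	return append(sec, routine...), nil
}

func main() {
	bumps, _ := Plan(strings.NewReader(sample), map[string]string{"example.com/libb": "v0.3.2"})
	for _, b := range bumps {
		fmt.Printf("security=%t %s %s -> %s\n", b.Security, b.Path, b.Current, b.Target)
	}
}
```

The program only reads and reports; it never writes `go.mod`, which keeps it within the approval rule above.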
Related Skills
ci-orchestrator, static-analysis