supply-chain-risk-auditor

Supply Chain Risk Auditor

Activates when the user says "audit this project's dependencies".

When to Use

  • Assessing dependency risk before a security audit
  • Evaluating the supply chain attack surface of a project
  • Identifying unmaintained or risky dependencies
  • Pre-engagement scoping for supply chain concerns

When NOT to Use

  • Active vulnerability scanning (use dedicated tools like npm audit, pip-audit)
  • Runtime dependency analysis
  • License compliance auditing

Purpose

Installs: 3.9K
GitHub Stars: 5.6K
First Seen: Feb 26, 2026
supply-chain-risk-auditor — trailofbits/skills