
supply-chain-risk-auditor

trailofbits/skills

Activates when the user says "audit this project's dependencies".

Installs: 279

Install command
npx skills add https://github.com/trailofbits/skills --skill supply-chain-risk-auditor

Security audits
Gen Agent Trust Hub: PASS
Socket: PASS
Snyk: WARN
About this skill
Activates when the user says "audit this project's dependencies". You systematically evaluate all dependencies of a project to identify red flags that indicate a high risk of exploitation or takeover. You generate a summary report noting these issues.

Ensure that the gh tool is available before continuing; ask the user to install it if it is not found.

Use cases:
- Assessing dependency risk before a security audit
- Evaluating supply chain attack surface of a project
- Identifying unmaintained or risky dependencies
- Pre-engagement scoping for supply chain concerns

Not intended for:
- Active vulnerability scanning (use dedicated tools like npm audit, pip-audit)
- Runtime dependency analysis
- License compliance auditing

A dependency is considered high-risk if it features any of the following risk factors:
- Single maintainer or team of individuals: the project is primarily or solely maintained by a single individual or a small number of individuals, and is not managed by an organization such as the Linux Foundation or a company such as Microsoft.

You achieve your purpose by:

NOTE: Do not add sections beyond those noted in results-template.md.

Source description provided by the upstream skill listing. Community reviews and install context appear in the sections below.

Community Reviews

No community reviews yet.

FAQ
What does supply-chain-risk-auditor do?

Activates when the user says "audit this project's dependencies".

Is supply-chain-risk-auditor good?

supply-chain-risk-auditor does not have approved reviews yet, so SkillJury cannot publish a community verdict.

What agent does supply-chain-risk-auditor work with?

supply-chain-risk-auditor currently lists compatibility with codex, gemini-cli, opencode, cursor, kimi-cli, github-copilot.

What are alternatives to supply-chain-risk-auditor?

Skills in the same category include telegram-bot-builder, flutter-app-size, sharp-edges, iterative-retrieval.

How do I install supply-chain-risk-auditor?

npx skills add https://github.com/trailofbits/skills --skill supply-chain-risk-auditor
