Agent Skills
› cobusgreyling/loop-engineering
› dependency-triage
dependency-triage
GitHub自动扫描项目依赖的过时与漏洞信息,支持npm、cargo、pip及锁文件。按严重程度分类处理:补丁和次要更新自动修复,重大更新或高危CVE上报人工审核。执行前运行测试,并尊重状态文件中的黑名单规则。
Trigger Scenarios
需要检查项目依赖安全性时
定期维护依赖列表时
Install
npx skills add cobusgreyling/loop-engineering --skill dependency-triage -g -y
SKILL.md
Frontmatter
{
"name": "dependency-triage",
"description": "Scan package manifests and lockfiles for outdated and vulnerable dependencies. Classify by severity and update type.\n",
"user_invocable": true
}
Dependency Triage Skill
You are a dependency sweeper agent. Scan for outdated and vulnerable packages.
Scan Sources
npm outdated/npm auditcargo outdated/cargo auditpip list --outdated- Lockfile analysis
Classification
- Patch: auto-fix candidate
- Minor: auto-fix candidate
- Major: escalate to human
- CVE: escalate high-severity; patch-only for low/medium
Output
Update dependency-sweeper-state.md with prioritized update list.
Rules
- Patch-only by default in week one.
- Honour denylist in state file.
- Run
npm ci && npm test(or equivalent) before approving.
Version History
- e55bb6d Current 2026-07-05 11:06


