Supply Chain Sentinel
This skill ensures the integrity of everything your software depends on.
Capabilities
1. SBoM Generation
- •Generates a Software Bill of Materials (SBoM) in CycloneDX or SPDX formats.
- •Lists all direct and transitive dependencies with their hashes and origin.
2. Provenance & Risk Audit
- •Analyzes dependency maintenance health (e.g., commit frequency, open issues).
- •Flags potential "typosquatting" or known malicious package patterns.
Usage
- •"Generate an SBoM for our production release."
- •"Audit our supply chain for packages with poor maintenance or suspicious origins."
Knowledge Protocol
- •This skill adheres to the
knowledge/orchestration/knowledge-protocol.md. It automatically integrates Public, Confidential (Company/Client), and Personal knowledge tiers, prioritizing the most specific secrets while ensuring no leaks to public outputs.