AgentSkillsCN

dependency-guardian

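Analyzes and protects dependencies in Next.js + TypeScript projects. The prompt-classifier invokes this tool in the DEPS phase to check dependencies for compatibility, potential conflicts, and security issues. Once everything is confirmed, it automatically runs verification and commit.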

SKILL.md
--- frontmatter
name: dependency-guardian
description: Analyzes and protects dependencies in Next.js + TypeScript projects. Invoked by prompt-classifier on DEPS. Checks compatibility, conflicts, security. Chains verification and commit on approval.
priority: high (entry for DEPS path)
triggers: none (classifier only)

Dependency Guardian – Compatibility & Security Checker

Goal: Zero breakage on deps changes. Conservative approval gate.

Process (strict)

  1. read "package.json"
  2. Identify proposed package(s) + version from prompt
  3. Check:
    • Peer deps / conflicts with current stack (React, Next.js 15+, etc.)
    • Known issues with Vercel/edge runtime
    • Security: shell "npm audit --production --json" (scoped if possible)
    • Bundle size / alternatives
    • Duplicates (search-code for existing similar libs)
  4. Output checklist + risk level
  5. Ask approval for install/upgrade
  6. If approved:
    • shell "npm install <exact command>"
    • Chain next steps:
      • verification-guardian
      • commit-orchestrator
      • (conditional TREE.md update inside commit-orchestrator)
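
Added example (not part of the skill itself): one way to turn the output of the `npm audit --production --json` step into the Security checklist status, scoped to the proposed package. It assumes the npm 7+ report layout (`auditReportVersion: 2`) and a report taken from a tree that already contains the proposed package; the names `securityCheck` and `advisoriesFor`, the pass/warn/fail thresholds, and the sample report are assumptions made for illustration.

```javascript
// Added example, not part of the skill. Severity thresholds are assumptions.
const RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };
// Unknown severities rank as critical so the gate stays conservative.
const rank = (s) => RANK[s] ?? RANK.critical;

// Walk from the proposed package through string `via` links (vulnerable
// dependencies) down to the advisory objects that cause the finding.
function advisoriesFor(report, pkg) {
  const found = [];
  const seen = new Set();
  const stack = [pkg];
  while (stack.length > 0) {
    const name = stack.pop();
    if (seen.has(name)) continue; // the via graph can contain cycles
    seen.add(name);
    const entry = report.vulnerabilities[name];
    if (!entry) continue;
    for (const via of entry.via || []) {
      if (typeof via === "string") stack.push(via);
      else found.push({ pkg: via.name, severity: via.severity, title: via.title });
    }
  }
  return found;
}

function securityCheck(report, pkg) {
  // No usable report (audit error, missing lockfile) cannot count as a pass.
  if (!report || typeof report.vulnerabilities !== "object" || report.vulnerabilities === null) {
    return { status: "fail", details: "npm audit produced no report" };
  }
  const advisories = advisoriesFor(report, pkg);
  if (advisories.length === 0) return { status: "pass", details: "no advisories" };
  const worst = advisories.reduce((a, b) => (rank(b.severity) > rank(a.severity) ? b : a));
  const status = rank(worst.severity) >= RANK.high ? "fail" : "warn";
  return { status, details: `advisories: ${advisories.length}, worst: ${worst.severity} in ${worst.pkg}` };
}

// Constructed sample report; package names and advisories are made up.
const SAMPLE = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-ui": { severity: "high", via: ["example-parser"] },
    "example-parser": { severity: "high",
      via: [{ name: "example-parser", severity: "high", title: "constructed" }] },
    "example-log": { severity: "low",
      via: [{ name: "example-log", severity: "low", title: "constructed" }] },
  },
};
console.log(securityCheck(SAMPLE, "example-ui"));
```

A transitive finding (here `example-ui` pulling in `example-parser`) is attributed to the proposed package, so the Security line fails even though the proposed package has no advisory of its own.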

Output Format (exact – nothing else)

Proposed package: name@version

Checklist:

  • Peers: [pass/warn/fail] - <details>
  • Conflicts/Duplicates: [pass/warn/fail]
  • Security: [pass/warn/fail]
  • Bundle/Perf: [pass/warn/fail]
  • Runtime Compat: [pass/warn/fail]

Risk Level: Safe / Caution / Risky / Blocked

Suggested command: npm install <exact>

Approval: Proceed with install/upgrade? [y/n]

If yes, I will run the install and chain: verification-guardian → commit-orchestrator