cnoe-io/security-vulnerability-report
charts/ai-platform-engineering/data/skills/security-vulnerability-report/SKILL.md
Scan GitHub repositories for security vulnerabilities including Dependabot alerts, code scanning results, and secret scanning findings. Use when auditing repository security, preparing compliance reports, or triaging vulnerability alerts.
$ install --global
skillsauthnpx skillsauth add cnoe-io/ai-platform-engineering security-vulnerability-reportInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 4:51 PM3.8s2 files scanned
SKILL.md
- name:
- security-vulnerability-report
- description:
- Scan GitHub repositories for security vulnerabilities including Dependabot alerts, code scanning results, and secret scanning findings. Use when auditing repository security, preparing compliance reports, or triaging vulnerability alerts.
Security Vulnerability Report
Query GitHub for Dependabot alerts, code scanning results, and secret scanning findings across repositories to produce a prioritized vulnerability report.
Instructions
Phase 1: Dependabot Alerts (GitHub Agent)
- Fetch Dependabot alerts across all configured repositories
- Alert severity, affected package, CVE identifier, fix availability
Phase 2: Code Scanning Results (GitHub Agent)
- Fetch code scanning alerts - rule ID, severity, file location
Phase 3: Secret Scanning (GitHub Agent)
- Check for secret scanning alerts - secret type, revocation status
Phase 4: Compile Report
- Aggregate across repositories with cross-repo dedup
- Prioritize by severity, exploitability, fix availability
- Calculate risk score per repository
Output Format
```markdown
Security Vulnerability Report
Executive Summary
| Severity | Open | Fixed (30d) | Dismissed | |----------|------|-------------|-----------| | Critical | 2 | 5 | 0 | | High | 7 | 12 | 1 |
Critical Vulnerabilities (Immediate Action Required)
1. CVE-2026-1234 - Remote Code Execution in lodash
- Repository: ai-platform-engineering/ui
- CVSS: 9.8 | Fix: Upgrade to [email protected] ```
Examples
- "Check all repositories for security vulnerabilities"
- "Show me critical Dependabot alerts"
- "Are there any secret scanning findings?"
- "Generate a security report for the ai-platform-engineering repo"
Guidelines
- Always sort by severity (critical first), then by fix availability
- Flag any vulnerabilities with known exploits in the wild as top priority
- Deduplicate shared dependencies across repos
- Never display actual secret values in the report - only the type and location
- Reference project codeguard rules: no hardcoded credentials, no banned crypto algorithms
Related Skills
cnoe-io/streaming-testing
testing
VerifiedTrustedCommunity
Compare A2A streaming behaviour across supervisor versions. Captures SSE events, analyzes metadata flags (is_narration, is_final_answer), and produces side-by-side comparison reports.
345SKILL.mdUpdated Apr 15, 2026
cnoe-io/sprint-progress-report
testing
VerifiedTrustedCommunity
Generate a comprehensive sprint progress report from Jira with velocity metrics, burndown analysis, blocker identification, and team workload distribution. Use when preparing sprint reviews, standups, or tracking sprint health mid-cycle.
345SKILL.mdUpdated Apr 4, 2026
cnoe-io/review-specific-pr
development
VerifiedTrustedCommunity
Perform a comprehensive code review of a specific GitHub Pull Request. Analyzes code changes, checks for bugs, security issues, test coverage, and coding standards compliance. Use when a user provides a PR URL or asks to review a specific pull request.
345SKILL.mdUpdated Apr 4, 2026
cnoe-io/review-open-pull-requests
testing
VerifiedTrustedCommunity
List and analyze all open pull requests across GitHub repositories. Shows review status, CI/CD check results, age, and reviewers. Use when triaging PRs, checking team velocity, or identifying stale reviews that need attention.
345SKILL.mdUpdated Apr 4, 2026