Use for dependency security audits and compliance checks. Use when auditing project dependencies for vulnerabilities, answering "is [library] [version] safe?" questions, or remediating vulnerable libraries. Also activates automatically when the user opens or modifies a manifest file (package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pom.xml, Cargo.toml, go.mod, Gemfile, composer.json, build.gradle, *.csproj, pubspec.yaml, conanfile.txt, conanfile.py, project.clj, deps.edn, Package.swift, pubspec.lock, Package.resolved, Gemfile.lock, poetry.lock, uv.lock, Cargo.lock, composer.lock).
96
90%
Does it follow best practices?
Impact
99%
1.83x (average score across 8 eval scenarios)
Passed
No known issues
A Python-based data processing service handles sensitive customer records and is being evaluated before it can be granted access to production data. The compliance team requires a security audit of the service's third-party dependencies as part of the data-handling approval process.
The project directory (inputs/) contains the Python dependency specifications. The team needs a formal vulnerability report they can attach to the compliance ticket.
Audit all dependencies in the project and produce a vulnerability report saved to security-report.md. The report should clearly identify any vulnerable packages, their severity, and which versions are considered safe.
Also save the raw scan data to scan-raw.json.