Use for dependency security audits and compliance checks. Use when auditing project dependencies for vulnerabilities, answering "is [library] [version] safe?" questions, or remediating vulnerable libraries. Also activates automatically when the user opens or modifies a manifest file (package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pom.xml, Cargo.toml, go.mod, Gemfile, composer.json, build.gradle, *.csproj, pubspec.yaml, conanfile.txt, conanfile.py, project.clj, deps.edn, Package.swift, pubspec.lock, Package.resolved, Gemfile.lock, poetry.lock, uv.lock, Cargo.lock, composer.lock).
A game development team is evaluating squirrel version 3.0 as a scripting engine dependency in their C++ engine. Before embedding it in production, the security team needs a complete picture of any known vulnerabilities — the organisation requires all third-party dependencies to be formally cleared before shipping.
Your job is to look up all known security advisories for squirrel version 3.0 and write up your findings so the team can make an informed decision.
Produce a file named advisory-report.md documenting what you find. For each advisory, include its severity level, identifier, and a brief description of what the issue is.
Also save the raw advisory data to advisory-raw.json.
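One way to carry out the lookup-and-report steps above, as an added example that is not part of this page or of the skill it describes: it decides whether a version falls inside an advisory's affected range and renders the report with severity, identifier and description. The records are shaped like the OSV schema (an assumption about the data source, which the page does not name), and every record is a constructed placeholder, not a real advisory for squirrel or any other project.

```python
from __future__ import annotations
import json
from typing import Any

# Constructed sample records in the shape of the OSV schema (assumed data source).
# The "EXAMPLE-*" ids and the package name are placeholders, not real advisories.
RAW_ADVISORIES: list[dict[str, Any]] = [
    {"id": "EXAMPLE-2024-0001", "summary": "Heap overflow in script parser (constructed)",
     "database_specific": {"severity": "HIGH"},
     "affected": [{"package": {"name": "example-engine"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "2.0.0"}, {"fixed": "3.0.1"}]}]}]},
    {"id": "EXAMPLE-2023-0042", "summary": "Denial of service via deep recursion (constructed)",
     "database_specific": {"severity": "MODERATE"},
     "affected": [{"package": {"name": "example-engine"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "0"}, {"fixed": "2.5.0"}]}]}]},
]

def parse_version(v: str) -> tuple[int, ...]:
    """Turn '3.0' into (3, 0); non-numeric components compare as 0 (sufficient here)."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def is_affected(version: str, advisory: dict[str, Any]) -> bool:
    """OSV range semantics: affected from 'introduced' (inclusive) up to 'fixed' (exclusive).
    Events are walked in order so multi-interval ranges (fixed, then re-introduced) work."""
    v = parse_version(version)
    for aff in advisory.get("affected", []):
        for rng in aff.get("ranges", []):
            in_range = False
            for ev in rng.get("events", []):
                if "introduced" in ev and v >= parse_version(ev["introduced"]):
                    in_range = True
                if "fixed" in ev and v >= parse_version(ev["fixed"]):
                    in_range = False
            if in_range:
                return True
    return False

def render_report(package: str, version: str, advisories: list[dict[str, Any]]) -> str:
    """Markdown table with severity, identifier and description, plus whether the queried
    version is inside the affected range, which is the question the team actually has."""
    lines = [f"# Advisory report: {package} {version}", "",
             f"| Severity | Identifier | Affects {version}? | Description |",
             "|---|---|---|---|"]
    for adv in sorted(advisories, key=lambda a: a["id"]):
        sev = adv.get("database_specific", {}).get("severity", "UNKNOWN")
        hit = "yes" if is_affected(version, adv) else "no"
        lines.append(f"| {sev} | {adv['id']} | {hit} | {adv.get('summary', '')} |")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    with open("advisory-report.md", "w") as f:
        f.write(render_report("example-engine", "3.0", RAW_ADVISORIES))
    with open("advisory-raw.json", "w") as f:  # raw data kept alongside the write-up
        json.dump(RAW_ADVISORIES, f, indent=2)
```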