Use for dependency security audits and compliance checks. Use when auditing project dependencies for vulnerabilities, answering "is [library] [version] safe?" questions, or remediating vulnerable libraries. Also activates automatically when the user opens or modifies a manifest file (package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pom.xml, Cargo.toml, go.mod, Gemfile, composer.json, build.gradle, *.csproj, pubspec.yaml, conanfile.txt, conanfile.py, project.clj, deps.edn, Package.swift, pubspec.lock, Package.resolved, Gemfile.lock, poetry.lock, uv.lock, Cargo.lock, composer.lock).
Score: 96
Does it follow best practices? 90%
Impact: 99%
1.83x average score across 8 eval scenarios
Passed: no known issues
The order management API (source files in inputs/) is ready to move from staging to production, but the infrastructure team requires a sign-off from the security team before deployment. The security lead has asked for a written vulnerability report on the project's third-party dependencies so that any issues can be addressed before go-live.
The project has been in development for about 18 months and the dependencies haven't been reviewed since initial setup. The team suspects some packages may be outdated, but nobody has formally checked them against a vulnerability database.
Scan all dependencies in the project and produce a written audit report saved to security-report.md. The report should document every dependency checked, flag any vulnerabilities found with their severity and identifiers, and provide a clear summary. If vulnerabilities are found, note what remediation options are available.
Also save the raw scan data to scan-raw.json.
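The two deliverables above (a human-readable report plus the raw scan data) are what an audit script should produce end to end. Below is an added example, not the skill's own implementation and not the eval's reference solution, that does this for a pinned `requirements.txt`: it parses the manifest, queries the real OSV API (`https://api.osv.dev/v1/querybatch` for matches, then `/v1/vulns/{id}` for each advisory, since the batch endpoint only returns ids), extracts severity and fixed versions from the OSV records, and writes `security-report.md` and `scan-raw.json`. The package names, the `EXAMPLE-0001` / `CVE-0000-00001` identifiers and the sample record are constructed placeholders for the offline demo and are not real advisories.

```python
"""Added example: audit pinned PyPI dependencies against OSV and write
security-report.md plus scan-raw.json. Not the skill's own code."""
import json
import re
import urllib.request

OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch"   # real OSV endpoints
OSV_VULN_URL = "https://api.osv.dev/v1/vulns/"
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;]+)")

# Constructed sample manifest and OSV-shaped record for the offline demo.
SAMPLE_REQUIREMENTS = """\
# constructed sample manifest
examplelib==1.2.0
otherlib==4.0.1
"""
SAMPLE_RECORD = {  # constructed placeholder, not a real advisory
    "id": "EXAMPLE-0001",
    "aliases": ["CVE-0000-00001"],
    "summary": "Constructed sample: deserialization of untrusted input.",
    "database_specific": {"severity": "HIGH"},
    "affected": [{"package": {"ecosystem": "PyPI", "name": "examplelib"},
                  "ranges": [{"type": "ECOSYSTEM",
                              "events": [{"introduced": "0"}, {"fixed": "1.2.3"}]}]}],
}


def parse_requirements(text):
    """Return [(name, version)] for pinned 'name==version' lines. Comments, blanks
    and unpinned specifiers (>=, ~=, bare names) are skipped: an unpinned line
    cannot be matched to one installed version, so it must be reported separately."""
    deps = []
    for raw in text.splitlines():
        m = PIN_RE.match(raw.split("#", 1)[0].strip())
        if m:
            deps.append((m.group(1).lower(), m.group(2)))
    return deps


def fetch_osv(deps, ecosystem="PyPI"):
    """Network path: batch-query OSV, then fetch each advisory in full.
    Returns {(name, version): [full OSV record, ...]}."""
    body = {"queries": [{"package": {"name": n, "ecosystem": ecosystem},
                         "version": v} for n, v in deps]}
    req = urllib.request.Request(OSV_BATCH_URL, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        results = json.load(resp)["results"]
    found = {}
    for dep, res in zip(deps, results):
        records = []
        for v in res.get("vulns", []):   # batch results carry only id + modified
            with urllib.request.urlopen(OSV_VULN_URL + v["id"], timeout=30) as r:
                records.append(json.load(r))
        found[dep] = records
    return found


def severity_of(record):
    """Prefer the advisory's own label (GHSA-sourced records put it in
    database_specific); otherwise fall back to the CVSS vector, else UNKNOWN."""
    label = (record.get("database_specific") or {}).get("severity")
    if label:
        return str(label).upper()
    for s in record.get("severity", []):
        if s.get("score"):
            return s["score"]
    return "UNKNOWN"


def fixed_versions(record, name):
    """Collect 'fixed' events from the affected ranges that concern this package."""
    fixes = set()
    for aff in record.get("affected", []):
        if (aff.get("package") or {}).get("name", "").lower() != name:
            continue
        for rng in aff.get("ranges", []):
            fixes.update(ev["fixed"] for ev in rng.get("events", []) if "fixed" in ev)
    return sorted(fixes)


def build_audit(deps, osv_results):
    """Pure step: turn raw OSV records into the report structure."""
    findings = [{"package": n, "version": v, "id": rec["id"],
                 "aliases": rec.get("aliases", []), "severity": severity_of(rec),
                 "summary": rec.get("summary", ""), "fixed_in": fixed_versions(rec, n)}
                for n, v in deps for rec in osv_results.get((n, v), [])]
    return {"checked": [{"package": n, "version": v} for n, v in deps],
            "findings": findings}


def render_markdown(audit):
    lines = ["# Dependency audit", "",
             f"Dependencies checked: {len(audit['checked'])}",
             f"Vulnerabilities found: {len(audit['findings'])}", "", "## Dependencies", ""]
    lines += [f"- {d['package']}=={d['version']}" for d in audit["checked"]]
    lines += ["", "## Findings", ""]
    if not audit["findings"]:
        lines.append("No known vulnerabilities in the scanned versions.")
    for f in audit["findings"]:
        ids = ", ".join([f["id"]] + f["aliases"])
        fix = ", ".join(f["fixed_in"]) or "no fixed version listed; consider replacing the package"
        lines.append(f"- **{f['package']} {f['version']}** ({f['severity']}): {ids}. "
                     f"{f['summary']} Remediation: upgrade to {fix}.")
    return "\n".join(lines) + "\n"


def write_outputs(audit, raw, report_path="security-report.md", raw_path="scan-raw.json"):
    with open(report_path, "w", encoding="utf-8") as fh:
        fh.write(render_markdown(audit))
    with open(raw_path, "w", encoding="utf-8") as fh:
        json.dump({f"{n}=={v}": recs for (n, v), recs in raw.items()}, fh, indent=2)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # live run: python audit.py requirements.txt
        deps = parse_requirements(open(sys.argv[1], encoding="utf-8").read())
        raw = fetch_osv(deps)
    else:                   # offline demo on the constructed sample
        deps = parse_requirements(SAMPLE_REQUIREMENTS)
        raw = {deps[0]: [SAMPLE_RECORD]}
    write_outputs(build_audit(deps, raw), raw)
```

Two caveats a reviewer of the report would ask about: unpinned lines are silently dropped by the parser, so the report's "dependencies checked" count only covers what could be resolved to an exact version (a lockfile is the better input for that reason), and a record with no `fixed` event means no upgrade path exists, which the report surfaces as a replacement recommendation rather than an upgrade.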