Use for dependency security audits and compliance checks. Use when auditing project dependencies for vulnerabilities, answering "is [library] [version] safe?" questions, or remediating vulnerable libraries. Also activates automatically when the user opens or modifies a manifest file (package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pom.xml, Cargo.toml, go.mod, Gemfile, composer.json, build.gradle, *.csproj, pubspec.yaml, conanfile.txt, conanfile.py, project.clj, deps.edn, Package.swift, pubspec.lock, Package.resolved, Gemfile.lock, poetry.lock, uv.lock, Cargo.lock, composer.lock).
Score: 96
Does it follow best practices? 90%
Impact: 99%
1.83x average score across 8 eval scenarios
Status: Passed
No known issues
A Ruby on Rails e-commerce platform (files in inputs/) is undergoing its quarterly security review mandated by the company's security policy. The platform handles customer payments and personal data, so the security team is particularly concerned about unpatched vulnerabilities in gem dependencies.
The project's gem dependency files are in the inputs/ directory. The audit should capture the exact versions currently deployed so the report accurately reflects the production state of the application.
Scan the Ruby application's gem dependencies for known vulnerabilities and save the findings to security-report.md. The report must list all gems checked, highlight any vulnerabilities with severity and identifiers, and summarise the findings.
Also save the raw scan data to scan-raw.json.