Use for dependency security audits and compliance checks. Use when auditing project dependencies for vulnerabilities, answering "is [library] [version] safe?" questions, or remediating vulnerable libraries. Also activates automatically when the user opens or modifies a manifest file (package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pom.xml, Cargo.toml, go.mod, Gemfile, composer.json, build.gradle, *.csproj, pubspec.yaml, conanfile.txt, conanfile.py, project.clj, deps.edn, Package.swift, pubspec.lock, Package.resolved, Gemfile.lock, poetry.lock, uv.lock, Cargo.lock, composer.lock).
A .NET 5 solution needs a full dependency vulnerability audit before a vendor agreement can be finalised. The security team requires a scan of all NuGet packages across the entire solution for known CVEs, so they can assess risk and provide a remediation path if needed. The inputs/ directory contains the project files for the solution.
The development team hasn't run a dependency audit since the project was scaffolded. Given the sensitive nature of the data it handles, produce a written vulnerability report before the security sign-off deadline.
Audit all NuGet packages referenced across all project files in inputs/ and save the findings to security-report.md. Include each package name and version checked, flag any vulnerabilities with severity and identifiers, and provide a summary.
Also save the raw scan data to scan-raw.json.