Use for dependency security audits and compliance checks. Use when auditing project dependencies for vulnerabilities, answering "is [library] [version] safe?" questions, or remediating vulnerable libraries. Also activates automatically when the user opens or modifies a manifest file (package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pom.xml, Cargo.toml, go.mod, Gemfile, composer.json, build.gradle, *.csproj, pubspec.yaml, conanfile.txt, conanfile.py, project.clj, deps.edn, Package.swift, pubspec.lock, Package.resolved, Gemfile.lock, poetry.lock, uv.lock, Cargo.lock, composer.lock).
Eval scorecard (dashboard values as extracted): 96; 90%; Does it follow best practices?; Impact; 99%; 1.83x average score across 8 eval scenarios; Passed; No known issues.
A platform team manages a full-stack application with three independently developed components, all stored in the inputs/ directory: a React frontend dashboard (package.json), a Rust analytics engine (Cargo.toml), and a Python ML pipeline (requirements.txt). Before the quarterly release, the CISO has mandated a security audit of third-party dependencies across all three components in a single report.
The team currently has no automated scanning in place, so this will be the first comprehensive security check for the entire stack. The goal is to produce one unified vulnerability report covering every component.
Audit all dependencies across all components and produce a single report saved to security-report.md. The report should cover packages from all three components, identify any vulnerabilities, and include a summary of findings.
Also save the raw scan data to scan-raw.json.