addressing-dependabot

Addresses GitHub Dependabot security alerts by listing open alerts, identifying affected Python/uv, frontend npm, and Titus Go projects, upgrading vulnerable dependencies, running verification, and committing fixes. Use when the user wants to fix Dependabot alerts, upgrade vulnerable packages, or address security vulnerabilities found by Dependabot.

1.13x

Quality

88%

Does it follow best practices?

Impact

98%

1.13x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Evaluation results

100%

Python Security Vulnerability: Monorepo-Wide Fix

Python multi-project vulnerability scan and fix

Criteria

Without context

With context

Scans unflagged project

100%

Reads pyproject.toml

100%

Uses uv add for direct deps

100%

Correct version constraint

100%

Quoted package spec

100%

Per-project cd

100%

Skips unaffected projects

50%

100%

Derives project directory

100%

Uses alert fixed_in

100%

Commit message format

40%

100%

94%

Frontend Security Vulnerability: Dependency Fix

npm transitive vulnerability fix via overrides

Criteria

Without context

With context

Uses overrides for transitive

100%

Override uses >= constraint

100%

Runs npm install

100%

Verifies installed version

100%

Build and audit verification

33%

66%

Preserves existing overrides

100%

Correct commit files

100%

Commit message format

40%

80%

100%

20%

Go Module Security Fixes: Titus Scanner

Go multi-alert version format and combined fix

Criteria

Without context

With context

v prefix on versions

100%

Single go get command

100%

Runs go mod tidy

100%

Verifies with go list -m

100%

go binary PATH fallback

100%

Runs go tests

100%

Correct commit files

100%

Commit message format

50%

100%

Repository: SpecterOps/Nemesis
Commit: 432d081

Evaluated: 16 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Python Security Vulnerability: Monorepo-Wide Fix Frontend Security Vulnerability: Dependency Fix Go Module Security Fixes: Titus Scanner

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.