
dependencies-audit

MUST be used whenever fixing dependency issues in a Flows app. This skill finds AND fixes vulnerabilities, outdated packages, deprecated dependencies, and license issues — it does not just report them. Triggers: dependencies, packages, fix dependencies, update packages, fix vulnerabilities, npm audit fix, pnpm audit fix, CVE fix, outdated, deprecated, supply chain, license.

87

1.88x
Quality: 88% (Does it follow best practices?)

Impact: 79%, 1.88x (Average score across 3 eval scenarios)

Security by Snyk: Advisory (Suggest reviewing before use)


Evaluation results

91%

69%

Dependency Health Audit for a Flows App

Package health report format and scoring

| Criteria | Without context | With context |
| --- | --- | --- |
| File name | 100% | 100% |
| Report header | 0% | 100% |
| Dependencies section | 0% | 100% |
| Dev Dependencies section | 0% | 100% |
| Security audit section | 0% | 87% |
| Vulnerabilities section | 0% | 100% |
| License summary section | 0% | 75% |
| Supply-chain flags section | 0% | 100% |
| Cognite package handling | 70% | 100% |
| Types package handling | 62% | 100% |
| CVE auto-Fail rule | 20% | 100% |
| Health threshold application | 10% | 70% |
| npm API for downloads | 50% | 25% |

55%

16%

Security Vulnerability Remediation for a Flows App

Vulnerability remediation and pnpm overrides

| Criteria | Without context | With context |
| --- | --- | --- |
| pnpm audit usage | 0% | 0% |
| Production-only audit | 0% | 0% |
| pnpm audit fix | 0% | 0% |
| pnpm overrides for transitive deps | 0% | 0% |
| Build verification after fix | 75% | 75% |
| Post-fix report state | 75% | 100% |
| review-packages.md format | 37% | 100% |
| Fixed summary in audit-summary.md | 90% | 90% |
| Remaining issues section | 60% | 90% |
| Health verdict | 40% | 100% |
| CVE auto-Fail in table | 50% | 50% |

92%

26%

License and Supply-Chain Audit for a Flows App

License compliance and supply-chain risk remediation

| Criteria | Without context | With context |
| --- | --- | --- |
| License check performed | 42% | 100% |
| Copyleft in prod deps flagged | 100% | 100% |
| Copyleft prod dep replaced | 100% | 100% |
| Imports updated after replacement | 100% | 100% |
| Dev dep license risk distinction | 75% | 50% |
| Supply-chain check performed | 37% | 100% |
| Install scripts evaluated | 37% | 100% |
| Deprecated/unmaintained replaced | 100% | 100% |
| review-packages.md supply-chain section | 14% | 100% |
| review-packages.md license section | 14% | 100% |
| Post-fix state in report | 100% | 100% |
| replacement-log.md documents all changes | 100% | 100% |
| Build verified after changes | 0% | 33% |

Repository: cognitedata/builder-skills

Evaluated

Agent: Claude Code

Model: Claude Sonnet 4.6
