dependencies-audit

MUST be used whenever fixing dependency issues in a Flows app. This skill finds AND fixes vulnerabilities, outdated packages, deprecated dependencies, and license issues — it does not just report them. Triggers: dependencies, packages, fix dependencies, update packages, fix vulnerabilities, npm audit fix, pnpm audit fix, CVE fix, outdated, deprecated, supply chain, license.

87

1.88x
Quality

Does it follow best practices?

Impact: 79%, 1.88x. Average score across 3 eval scenarios.

Security by Snyk: Advisory. Suggest reviewing before use.

Quality

Content

80%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

A highly actionable, well-sequenced dependency audit/fix workflow with strong validation feedback loops, but it is a monolithic document with repeated verification boilerplate and no progressive disclosure via bundle files.

Suggestions

Extract the repeated `pnpm install && pnpm run build` verification step into a single stated convention once, then reference it to reduce boilerplate and improve conciseness.

Move the long review-packages.md output template (Step 7) and the full metadata-lookup scripts into a reference file under references/, keeping SKILL.md a lean overview.

Consolidate the duplicated per-package npm-view lookup scripts (Steps 2, 5, 6 share near-identical loops) into one reusable script in scripts/.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Mostly efficient with concrete commands throughout, but repeats the same "run pnpm install and pnpm run build to verify" verification boilerplate after nearly every fix step and re-lists near-identical metadata-lookup scripts, which could be tightened. | 2 / 3 |
| Actionability | Provides fully executable bash snippets (npm view, pnpm audit --json, pnpm overrides JSON, npx license-checker) and concrete health-score criteria; the guidance is copy-paste ready and specific. | 3 / 3 |
| Workflow Clarity | Clear 8-step sequence with explicit validation/feedback loops (re-run pnpm audit to confirm fixes, run build to verify, revert on breakage) after risky batch and destructive operations. | 3 / 3 |
| Progressive Disclosure | Well-organized into sequential sections but is a monolithic single-file skill with no bundle files (references/scripts/assets absent) and no offloaded detail; content like the full output template and repeated lookup scripts could be split out, so it sits at "some structure but could be better organized". | 2 / 3 |

Total: 10 / 12 (Passed)

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

A strong, well-scoped description that clearly states concrete capabilities, natural trigger terms, and explicit when-to-use guidance for a Flows app dependency fix skill. It is concise and avoids over-claiming.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple concrete actions — "finds AND fixes vulnerabilities, outdated packages, deprecated dependencies, and license issues" — matching the highest anchor for specific actions. | 3 / 3 |
| Completeness | Explicitly answers both what it does (finds AND fixes dependency issues) and when to use it ("MUST be used whenever..." plus a Triggers list), satisfying the highest completeness anchor. | 3 / 3 |
| Trigger Term Quality | Good coverage of natural trigger phrases a user would say: "dependencies, fix dependencies, update packages, fix vulnerabilities, npm audit fix, CVE fix, outdated, deprecated, supply chain, license." | 3 / 3 |
| Distinctiveness Conflict Risk | Scoped to a clear niche (Flows app dependency audits) with distinct triggers unlikely to collide with unrelated skills; the "MUST be used whenever" phrasing strengthens the niche signal. | 3 / 3 |

Total: 12 / 12 (Passed)

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 14 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata.version' is missing | Warning |

Total: 14 / 16 (Passed)

Repository: cognitedata/builder-skills
Reviewed
