# Supply Chain Sentinel

This skill ensures the integrity of everything your software depends on.
## Capabilities

- SBoM Generation
  - Generates a Software Bill of Materials (SBoM) in CycloneDX or SPDX formats.
  - Lists all direct and transitive dependencies with their hashes and origin.
- Provenance & Risk Audit
  - Analyzes dependency maintenance health (e.g., commit frequency, open issues).
  - Flags potential "typosquatting" or known malicious package patterns.
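The SBoM generation and typosquatting check described above, as an added example that is not the skill's own code: it parses a constructed pip lockfile with `--hash` pins, emits a minimal CycloneDX 1.5 document, and flags dependency names within one edit (including an adjacent transposition) of a constructed allowlist of well-known packages. The allowlist, lockfile contents and hash values are constructed placeholders.

```python
# Added example, not the skill's own code: minimal CycloneDX-style SBoM from a constructed
# pip lockfile, plus a typosquatting heuristic against a constructed allowlist of known names.
import json

KNOWN_POPULAR = {"requests", "urllib3", "numpy", "cryptography"}  # constructed allowlist
LOCKFILE = """\
requests==2.31.0 --hash=sha256:PLACEHOLDER_HASH_1
reqeusts==1.0.0 --hash=sha256:PLACEHOLDER_HASH_2
numpy==1.26.0 --hash=sha256:PLACEHOLDER_HASH_3
"""  # constructed `pip-compile --generate-hashes` style input; hashes are placeholders

def parse_lockfile(text):
    """Return [{name, version, hashes}] for each pinned `name==ver --hash=...` line."""
    deps = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split()
        name, version = parts[0].split("==", 1)
        hashes = [p[len("--hash="):] for p in parts[1:] if p.startswith("--hash=")]
        deps.append({"name": name.lower(), "version": version, "hashes": hashes})
    return deps

def to_cyclonedx(deps):
    """Minimal CycloneDX 1.5 JSON: one library component per dependency, with its hashes."""
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": [{"type": "library", "name": d["name"], "version": d["version"],
                            "purl": f"pkg:pypi/{d['name']}@{d['version']}",
                            "hashes": [{"alg": "SHA-256", "content": h.split(":", 1)[1]}
                                       for h in d["hashes"]]} for d in deps]}

def osa_distance(a, b):
    """Levenshtein distance that also counts an adjacent transposition as one edit."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def typosquat_candidates(deps, known=KNOWN_POPULAR, max_dist=1):
    """Names not in the allowlist that sit within max_dist edits of an allowlisted name."""
    return {d["name"]: near for d in deps if d["name"] not in known
            and (near := sorted(k for k in known if osa_distance(d["name"], k) <= max_dist))}

if __name__ == "__main__":
    print(json.dumps(to_cyclonedx(parse_lockfile(LOCKFILE)), indent=2))
    print("typosquat candidates:", typosquat_candidates(parse_lockfile(LOCKFILE)))
```

A real audit would pair the edit-distance heuristic with download counts or a curated popular-package list, since a legitimate new package can also sit one edit away from a well-known name.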
## Usage

- "Generate an SBoM for our production release."
- "Audit our supply chain for packages with poor maintenance or suspicious origins."
## Knowledge Protocol

- This skill adheres to `knowledge/orchestration/knowledge-protocol.md`. It automatically integrates Public, Confidential (Company/Client), and Personal knowledge tiers, prioritizing the most specific secrets while ensuring no leaks to public outputs.

## Governance Alignment

- This skill aligns with IPA non-functional standards and FISC security guidelines to ensure enterprise-grade compliance.