security-vulnerability-audit
Workflow for auditing security vulnerabilities using Trunk (Trivy and OSV-scanner). Use when checking for project vulnerabilities, hard-coded secrets, or repairing security flaws.
| name | security-vulnerability-audit |
| description | Workflow for auditing security vulnerabilities using Trunk (Trivy and OSV-scanner). Use when checking for project vulnerabilities, hard-coded secrets, or repairing security flaws. |
This skill provides a structured process for identifying and reporting security vulnerabilities in the codebase using Trunk's integrated security tools.
Run Security Scan: Execute the project's security linting script.
pnpm run lint:security
Note: This command runs trunk check --all --scope security, which triggers both Trivy and OSV-scanner.
Analyze Findings: Review the output from Trunk. Pay close attention to:
osv-scanner).
trivy).
Compile Report: Use the findings to create a summary of the security posture.
For each significant finding, provide: