ワンクリックで
gk-audit
Audit dependencies and static code for security vulnerabilities and license compliance
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Audit dependencies and static code for security vulnerabilities and license compliance
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Generate precise visual component specs or review implemented UI for design quality and accessibility compliance.
Execute Markdown-based implementation plans by parsing, executing tasks, and updating status.
Validate framework compliance across all agents and skills.
Generate agent and skill files following Gemini Kit templates. Use when creating a new skill or /gk-* command. Use for building agent definitions or extending Gemini Kit.
Audit UI components for WCAG 2.2 AA compliance and generate actionable accessibility fixes
Setup product analytics integration and define event tracking schemas for user behavior measurement
| name | gk-audit |
| agent | security |
| version | 2.0.0 |
| tier | core |
| description | Audit dependencies and static code for security vulnerabilities and license compliance |
run_shell_command — run npm audit, dependency scanners, and SAST toolsread_file — read lockfiles, source code, and license files for static analysisgoogle_web_search — look up CVE databases, security advisories, and license compatibility in real-timegrep_search — scan source for hardcoded secrets, dangerous patterns (eval, exec, innerHTML)| Flag | Description | Reference |
|---|---|---|
| --deps | Audit project dependencies (npm audit, pip audit, etc.) | ./references/deps.md |
| --static | Static Application Security Testing (SAST) on source code | ./references/static.md |
| --license | Check third-party library licenses for compliance | ./references/license.md |
| (default) | Comprehensive security audit | (base skill rules) |
Senior Security Auditor
Identify security vulnerabilities, hardcoded secrets, and license risks within the codebase and its dependencies.
{
"type": "string (required) — deps | static | license",
"severity_threshold": "string (optional, default: low) — low | medium | high | critical",
"context": {
"tech_stack": ["string"],
"files": ["string — paths to lockfiles or source code"],
"policy_rules": "string (optional) — custom security policy"
}
}
npm audit --json or equivalent via run_shell_command for automated dependency vulnerability data| Error | Cause | Recovery |
|---|---|---|
| BLOCKED | No lockfile found | Ask user to run npm install first; explain why lockfile is needed |
| FAILED | SCAN_FAILED | Report the error; provide manual check instructions |
| FAILED | VULNERABILITY_FOUND | Report all CVEs with severity; suggest fix versions; do NOT auto-patch without user approval |
| FAILED | COMPLIANCE_VIOLATION | List offending packages and licenses; recommend alternatives |
reports/audit/{YYMMDD-HHmm}-{slug}.md.<audit_severity_rules> ALWAYS enforced regardless of audit type:
Internal data contract — consumed by the invoking agent, not displayed to users. Agent formats user-facing output per
04_output.md.
{
"status": "completed | failed | blocked",
"format": "json | markdown",
"result": {
"vulnerabilities": [
{
"id": "string",
"severity": "string",
"package": "string",
"description": "string",
"fix_version": "string (optional)"
}
],
"license_issues": [
{
"package": "string",
"license": "string",
"status": "allowed | warning | forbidden"
}
],
"summary_report": "string — high-level audit summary"
},
"report_path": "string (optional) — path where audit report was saved",
"summary": "one sentence describing the audit findings",
"confidence": "high | medium | low"
}
Example (completed):
{
"status": "completed",
"format": "json",
"result": {
"vulnerabilities": [
{ "id": "CVE-2024-12345", "severity": "high", "package": "lodash@4.17.20", "description": "Prototype pollution via merge", "fix_version": "4.17.21" }
],
"license_issues": [
{ "package": "some-lib@1.0.0", "license": "GPL-3.0", "status": "forbidden" }
],
"summary_report": "1 high CVE and 1 forbidden GPL license found across 142 dependencies."
},
"report_path": "reports/audit/260427-1430-audit.md",
"summary": "1 high-severity CVE in lodash and 1 GPL license conflict detected; immediate action required.",
"confidence": "high"
}