| name | security-vulnerability-gate |
| description | Run security and vulnerability checks for platform_serial changes before merge and release. |
Security and Vulnerability Gate
Use this skill for code, dependency, CI, and release changes that could affect security posture.
Steps
- Verify no credentials or secrets were introduced in source, workflows, docs, or scripts.
- Review changed dependencies for known vulnerabilities and prefer patched, maintained versions.
- Confirm typed errors are preserved (
SerialError, SerialErrorType) and no silent failure paths were introduced.
- Check GitHub Actions permissions are least-privilege and release/publish workflows remain protected.
- Confirm bad-path and edge-case tests cover invalid payloads, malformed events, and timeout/error handling.
Pitfalls
- Do not suppress errors just to keep streams alive; surface them through typed channels.
- Do not introduce broad
catch blocks that mask root causes.
- Do not add automation that can publish from unprotected branches.