security-vulnerability-audit


Workflow for auditing security vulnerabilities using Trunk (Trivy and OSV-scanner). Use when checking for project vulnerabilities, hard-coded secrets, or repairing security flaws.

By yu-iskw. Updated 1/23/2026.

---
name: security-vulnerability-audit
description: Workflow for auditing security vulnerabilities using Trunk (Trivy and OSV-scanner). Use when checking for project vulnerabilities, hard-coded secrets, or repairing security flaws.
---

Security Vulnerability Audit

This skill provides a structured process for identifying and reporting security vulnerabilities in the codebase using Trunk's integrated security tools.

Audit Workflow

  1. Run Security Scan: Execute the project's security linting script.

    pnpm run lint:security
    

    Note: This command runs trunk check --all --scope security, which triggers both Trivy and OSV-scanner.

  2. Analyze Findings: Review the output from Trunk. Pay close attention to:

    • Critical/High vulnerabilities in dependencies (reported by osv-scanner).
    • Hard-coded secrets or configuration issues (reported by trivy).

  3. Compile Report: Use the findings to create a summary of the security posture.

Reporting Format

For each significant finding, provide:

  • Severity: [Critical/High/Medium/Low]
  • Tool: [Trivy/OSV-Scanner]
  • Description: [Brief description of the vulnerability]
  • Impact: [What happens if exploited?]
  • Recommendation: [How to fix it, e.g., "Update package X to version Y"]
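As an added example (not part of the skill or the skill-inspector repository), the script below turns OSV-scanner's JSON output into entries in the Reporting Format above, ordered most severe first, and handles the case where an advisory has no fixed version yet. It assumes the `osv-scanner --format json` layout reproduced in the constructed SAMPLE; the advisory ids are placeholders.

```python
import json

RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}  # unknown severities sort last

SAMPLE = json.dumps({"results": [{  # constructed scan output; advisory ids are placeholders
    "source": {"path": "pnpm-lock.yaml", "type": "lockfile"},
    "packages": [
        {"package": {"name": "example-lib", "version": "1.0.0", "ecosystem": "npm"},
         "vulnerabilities": [{"id": "GHSA-PLACEHOLDER-1", "summary": "Prototype pollution",
             "affected": [{"ranges": [{"type": "ECOSYSTEM",
                 "events": [{"introduced": "0"}, {"fixed": "1.0.1"}]}]}],
             "database_specific": {"severity": "HIGH"}}]},
        {"package": {"name": "old-tool", "version": "0.3.0", "ecosystem": "npm"},
         "vulnerabilities": [{"id": "GHSA-PLACEHOLDER-2", "summary": "ReDoS in parser",
             "affected": [{"ranges": [{"type": "ECOSYSTEM",
                 "events": [{"introduced": "0"}]}]}],  # no fixed version published
             "database_specific": {"severity": "MEDIUM"}}]},
    ]}]})

def fixed_version(vuln):
    """First 'fixed' event across the affected ranges, or None when no fix exists."""
    for aff in vuln.get("affected", []):
        for rng in aff.get("ranges", []):
            for ev in rng.get("events", []):
                if "fixed" in ev:
                    return ev["fixed"]
    return None

def build_report(raw_json):
    """One entry per (package, vulnerability) in the skill's format, most severe first."""
    entries = []
    for res in json.loads(raw_json).get("results", []):
        path = res.get("source", {}).get("path", "?")
        for pkg in res.get("packages", []):
            name, ver = pkg["package"]["name"], pkg["package"]["version"]
            for v in pkg.get("vulnerabilities", []):
                sev = v.get("database_specific", {}).get("severity", "UNKNOWN").upper()
                fix = fixed_version(v)
                entries.append({
                    "Severity": sev.capitalize(),
                    "Tool": "OSV-Scanner",
                    "Description": f"{v['id']}: {v.get('summary', 'no summary')}",
                    "Impact": f"{name}@{ver} ({path}) is inside the affected version range",
                    "Recommendation": (f"Update package {name} to version {fix}" if fix
                                       else f"No fixed version published for {name}; remove or replace it"),
                })
    return sorted(entries, key=lambda e: RANK.get(e["Severity"].upper(), 9))

def format_report(entries):  # render as the bullet list the Reporting Format section asks for
    return "\n\n".join("\n".join(f"  • {k}: {v}" for k, v in e.items()) for e in entries)
```

Trunk wraps both scanners, so in practice you would feed this the JSON from a direct `osv-scanner` run rather than the text Trunk prints; the Impact line is a starting point for the auditor to refine, not a substitute for reading the advisory.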

Resources

Install via CLI
npx skills add https://github.com/yu-iskw/skill-inspector --skill security-vulnerability-audit
Repository Details
Stars: 1
Forks: 0
Branch: main
Path: SKILL.md