Supply Chain Impact Check

Use this skill to answer "are we affected?" for a published or reported supply-chain issue. The goal is a defensible impact assessment, not a generic security summary.

Default to read-only work. Do not change dependencies, lockfiles, CI workflows, secrets, or repository configuration unless the user explicitly asks for remediation after the assessment.

Workflow