dependency-manager
SKILL.md
Proceed with these steps to ensure isolated execution while bypassing full installer locks.
Instructions:
- Locate and Read Dependency Files:
  - Use an MCP `read_file` tool to locate and read the closest dependency manifest files walking up from the `targetFile` coordinate.
    - TypeScript/Node.js: Grab `package.json` and `package-lock.json`.
    - Python: Grab `requirements.txt` or `Pipfile.lock`.
    - C++: Check for `conanfile.txt` or `CMakeLists.txt`.
    - Go: Grab `go.mod` and `go.sum`.
    - Java: Grab `pom.xml` (Maven) or `build.gradle`/`build.gradle.kts` (Gradle).
- Extract Version Constraints:
  - Read the manifest files to find the exact version constraints for packages used in the PoC/verification code.
- Bypass Full Installs (Node.js):
  - Instruct commands to utilize prefixes like `npm_config_cache=.npx_cache` so downloads bypass global proxy auth locks.
- Write Deterministic Running Script:
  - Generate a standalone dependency runner file on disk named deterministically e.g., `install_deps_<target_file_base>.sh` (or `.js`/`.py`).
- Trigger Isolated Execute:
  - Call the `install_dependencies` Tool passing the absolute path to the generated script in the `scriptPath` argument AND providing `targetFile` as an argument to let the tool calculate isolated execution contexts.
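
The Node.js case of the steps above, as an added example that is not part of the skill or the gemini-cli-extensions/security project: it walks up from a target file to the closest manifest, prefers the exact version pinned in `package-lock.json` over the range in `package.json`, and writes the deterministically named runner script. The function names, the `npm install --no-save` line and the constructed project tree are assumptions; the lock file layout read here is the `packages` map of lockfileVersion 2/3.

```python
import json, shlex, tempfile
from pathlib import Path
MANIFESTS = ("package-lock.json", "package.json")  # Node.js case only

def closest_manifest_dir(target_file):
    """Walk up from target_file; return the first directory holding a manifest."""
    for d in Path(target_file).resolve().parents:
        if any((d / m).is_file() for m in MANIFESTS):
            return d
    return None

def version_constraints(manifest_dir, packages):
    """Prefer the exact version from the lock file, else the range in package.json."""
    lock, pkg = manifest_dir / "package-lock.json", manifest_dir / "package.json"
    locked = json.loads(lock.read_text()).get("packages", {}) if lock.is_file() else {}
    declared = {}
    if pkg.is_file():
        data = json.loads(pkg.read_text())
        declared = {**data.get("devDependencies", {}), **data.get("dependencies", {})}
    out = {}
    for name in packages:  # packages the PoC/verification code actually uses
        exact = locked.get(f"node_modules/{name}", {}).get("version")
        if exact or name in declared:
            out[name] = exact or declared[name]
    return out

def write_runner(target_file, constraints):
    """Write install_deps_<target_file_base>.sh next to the target file."""
    if not constraints:  # a bare `npm install` would pull the whole manifest
        raise ValueError("no version constraints resolved; refusing to write runner")
    target = Path(target_file).resolve()
    script = target.with_name(f"install_deps_{target.stem}.sh")
    specs = " ".join(shlex.quote(f"{n}@{v}") for n, v in sorted(constraints.items()))
    script.write_text("#!/bin/sh\nset -eu\n"
                      f"npm_config_cache=.npx_cache npm install --no-save {specs}\n")
    return script

def demo():
    """Constructed project tree: the lock file pins lodash, express is only a range."""
    root = Path(tempfile.mkdtemp())
    (root / "poc").mkdir()
    (root / "package.json").write_text(json.dumps(
        {"dependencies": {"lodash": "^4.17.0", "express": "^4.18.2"}}))
    (root / "package-lock.json").write_text(json.dumps(
        {"lockfileVersion": 3, "packages": {"node_modules/lodash": {"version": "4.17.21"}}}))
    target = root / "poc" / "verify_fix.js"  # constructed PoC path; need not exist
    found = version_constraints(closest_manifest_dir(target), ["lodash", "express", "absent"])
    return found, write_runner(target, found)

if __name__ == "__main__": print(demo())
```

A package that resolves only to a range (`express` here) is worth flagging in review, since the runner will then install whatever version the registry serves for that range rather than the one the project was built against.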