fix-security-vulnerability

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Uses gh api and pnpm to fetch vulnerability data and analyze dependency trees. These are standard development tools and are constrained to the project's own repository (getsentry/sentry-changelog).
  • [COMMAND_EXECUTION]: Includes commands to modify package.json and run tests. These are standard workflows for dependency management and are explicitly gated by instructions to wait for user approval before execution.
  • [DATA_EXPOSURE]: Accesses Dependabot alerts via the GitHub API. This involves project metadata (CVE IDs, package names) relevant to the skill's purpose and does not involve exfiltrating secrets or credentials.
  • [EXTERNAL_DOWNLOADS]: Executes pnpm install and npm view, which connect to official registries (NPM/JS) to update packages and check versions. These are well-known services and essential for the task of fixing vulnerabilities.
  • [PROMPT_INJECTION]: The skill maintains strict control over the agent's behavior by requiring user approval for all modifications and dismissals, mitigating risks of the agent autonomously performing destructive actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 02:01 AM