dependency-risk-audit


Dependency Risk Audit

Run a repeatable dependency-risk audit for Python projects and return a prioritized remediation plan.

Workflow

Step 1: Identify dependency source of truth

  1. Detect package manager and files in this order:
    • poetry.lock + pyproject.toml
    • uv.lock + pyproject.toml
    • Pipfile.lock + Pipfile
    • requirements*.txt and optional constraints*.txt
  2. Prefer lockfiles for resolved versions.
  3. Record Python runtime constraint from:
    • pyproject.toml (requires-python)
    • .python-version
    • CI config (if present)
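
Step 1 as a small script. This is an added example, not code from the skill itself. The function names, the returned dictionary keys and the manager labels are assumptions made for illustration, and CI config is not parsed.

```python
import re
import tempfile
from pathlib import Path

try:
    import tomllib  # Python 3.11+
except ImportError:  # older interpreter: narrow regex fallback below
    tomllib = None

# Detection order from Step 1 as (lockfile, manifest, label); labels are this example's own.
LOCK_ORDER = [("poetry.lock", "pyproject.toml", "poetry"),
              ("uv.lock", "pyproject.toml", "uv"),
              ("Pipfile.lock", "Pipfile", "pipenv")]

def find_dependency_source(root):
    """First matching source, lockfiles first; a lockfile without its manifest is flagged."""
    root = Path(root)
    for lock, manifest, manager in LOCK_ORDER:
        if (root / lock).is_file():
            return {"manager": manager, "files": [lock, manifest], "from_lockfile": True,
                    "manifest_missing": not (root / manifest).is_file()}
    reqs = sorted(p.name for p in root.glob("requirements*.txt"))
    if not reqs:
        return None
    cons = sorted(p.name for p in root.glob("constraints*.txt"))
    return {"manager": "pip", "files": reqs + cons, "from_lockfile": False, "manifest_missing": False}

def python_constraints(root):
    """Collect runtime constraints from pyproject.toml and .python-version (CI config not parsed)."""
    root, found = Path(root), {}
    pyproject = root / "pyproject.toml"
    if pyproject.is_file():
        text = pyproject.read_text(encoding="utf-8")
        if tomllib:
            value = tomllib.loads(text).get("project", {}).get("requires-python")
        else:
            m = re.search(r'^requires-python\s*=\s*"([^"]+)"', text, re.M)
            value = m.group(1) if m else None
        if value:
            found["pyproject.toml"] = value
    pin = root / ".python-version"
    if pin.is_file():
        found[".python-version"] = pin.read_text(encoding="utf-8").strip()
    return found

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample project
        Path(d, "uv.lock").write_text("")
        Path(d, "pyproject.toml").write_text('[project]\nrequires-python = ">=3.11"\n')
        print(find_dependency_source(d), python_constraints(d))
```

When `pyproject.toml` and `.python-version` disagree, both values are returned so the audit can report the mismatch rather than silently pick one.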
First Seen
Feb 21, 2026
dependency-risk-audit — ragnarok22/agent-skills