triage-dependencies

Skill: Triage Dependencies

Read the project's dependency libraries and mark which ones touch a trust boundary — a place untrusted data can enter (source) or a dangerous operation it can reach (sink) — so depth analysis runs only on the libraries that can matter.

Inputs

From the caller; if omitted, fall back to the default. Ask only when a required input is missing and has no sensible default.

  • Project root <project-root> — the project sources and build files. Default: current directory
  • Project model <model-dir> — the built model; its project.yaml lists every dependency. Default: .opentaint/project
  • Tracking directory <tracking-dir> — where the coverage record is written. Default: .opentaint/tracking

Workflow

1. List the dependencies

Read <model-dir>/project.yaml; its dependencies: entry lists every jar on the classpath. Resolve each jar to the library it belongs to. Most of a large project's jars are transitive infrastructure.
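
An added example of the "resolve each jar" step (not part of the skill or of the opentaint project's own code): it maps a jar path to group, artifact and version using the standard Maven local-repository and Gradle module-cache layouts, falling back to the file name. The sample paths are constructed, resolve_jar and list_libraries are hypothetical names, and the layout of project.yaml itself is not shown on this page, so the jar paths are passed in directly.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: jar paths as they might be listed under "dependencies:".
SAMPLE_JARS = [
    "/home/ci/.m2/repository/org/springframework/spring-web/6.1.4/spring-web-6.1.4.jar",
    "/home/ci/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/"
    "jackson-databind/2.16.1/ab12cd/jackson-databind-2.16.1.jar",
    "libs/commons-io-2.15.1.jar",
    "libs/vendor-sdk.jar",
]


def resolve_jar(path):
    """Return (group, artifact, version); parts that cannot be derived are None."""
    parts = PurePosixPath(path.replace("\\", "/")).parts
    name = parts[-1]
    stem = name[:-4] if name.endswith(".jar") else name
    # Gradle cache: files-2.1/<group>/<artifact>/<version>/<hash>/<file>
    if "files-2.1" in parts:
        i = parts.index("files-2.1")
        if len(parts) - i == 6:
            return parts[i + 1], parts[i + 2], parts[i + 3]
    # Maven local repo: repository/<group as dirs>/<artifact>/<version>/<file>
    if "repository" in parts:
        i = len(parts) - 1 - parts[::-1].index("repository")  # last occurrence
        rest = parts[i + 1:-1]
        if len(rest) >= 3 and stem.startswith(f"{rest[-2]}-{rest[-1]}"):
            return ".".join(rest[:-2]), rest[-2], rest[-1]
    # Fallback: split "<artifact>-<version>" at the first "-<digit>".
    m = re.match(r"^(.+?)-(\d[\w.\-]*)$", stem)
    if m:
        return None, m.group(1), m.group(2)
    return None, stem, None


def list_libraries(jars):
    """Map each jar to 'group:artifact:version'; '?' marks a part to identify by hand."""
    return {j: ":".join(p or "?" for p in resolve_jar(j)) for j in jars}


if __name__ == "__main__":
    for jar, label in list_libraries(SAMPLE_JARS).items():
        print(f"{label:60} {jar}")
```

A label containing "?" means the jar could not be tied to a published coordinate from its path alone; identify it by hand before deciding whether it touches a trust boundary.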

2. Mark each library

Repository: seqra/opentaint