dependency-cve-triage
by Robotti-io
✨ A customizable copilot-instructions.md ruleset & prompts to guide GitHub Copilot toward secure coding defaults in Java, Node.js, C# and Python. Blocks risky patterns, teaches safe habits.
⭐ 32 · 🍴 9 · 📅 Jan 14, 2026
SKILL.md
name: dependency-cve-triage
description: Triage workflow for dependency vulnerabilities: determine reachability, impact, and safe upgrade/remediation plan.
Use this skill when asked to triage CVEs, decide upgrade priority, or prepare remediation tickets.
Step-by-step process
- Confirm the vulnerable component
  - Package name, affected versions, transitive vs direct dependency
- Assess reachability
  - Is the vulnerable code path used? Under what configuration?
  - Is it internet-exposed or behind auth?
- Assess impact
  - RCE vs info leak vs DoS; required privileges; exploit maturity
- Choose a remediation
  - Upgrade to a fixed version (preferred)
  - Pin/override transitive versions
  - Disable the vulnerable feature/code path
  - Compensating controls (WAF rules, config hardening) as a stopgap
- Plan the change
  - Minimal version jump, note breaking changes
  - Add regression tests for the vulnerable behavior if practical
- Document
  - Ticket with: affected services, urgency, change plan, validation steps
Output template
- CVE / Package
- Affected versions / current version
- Exploit preconditions
- Reachability assessment
- Recommended fix
- Validation / rollout notes
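The mechanical parts of the step-by-step process above (affected-range check, direct vs transitive placement in the dependency graph, urgency from impact, reachability and exposure) and the output template can be scripted so the analyst only supplies the judgement calls. The following helper is an added example, not part of this SKILL.md or of the Robotti-io repository; every package name, version, CVE id and dependency edge in it is a constructed placeholder, and the urgency scoring is an assumed mapping, not one the skill prescribes.

```python
"""Added example (not part of the SKILL.md): script the mechanical triage steps
and render the output template. All names, versions and CVE ids are constructed
placeholders; the urgency mapping is an assumption, not the skill's own rule."""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'2.14.1' -> (2, 14, 1); a pre-release or build suffix is dropped."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(p) for p in core.split("."))


def in_affected_range(installed: str, affected_lo: str, fixed_in: str) -> bool:
    """True when affected_lo <= installed < fixed_in (advisories usually say 'fixed in X')."""
    return parse_version(affected_lo) <= parse_version(installed) < parse_version(fixed_in)


def dependency_paths(graph: Dict[str, List[str]], root: str, target: str) -> List[List[str]]:
    """Every path from root to target; length 2 = direct dependency, longer = transitive."""
    paths: List[List[str]] = []

    def walk(node: str, path: List[str], seen: set) -> None:
        if node == target:
            paths.append(path)
            return
        for child in graph.get(node, []):
            if child not in seen:  # guard against cycles in the lockfile graph
                walk(child, path + [child], seen | {child})

    walk(root, [root], {root})
    return paths


@dataclass
class Finding:
    cve: str
    package: str
    installed: str
    affected_lo: str
    fixed_in: str
    impact: str                # "RCE", "info leak" or "DoS"
    reachable: Optional[bool]  # None = not yet determined
    internet_exposed: bool
    exploit_mature: bool


def variant(f: Finding, **changes) -> Finding:
    """Copy a finding with some facts changed (used to re-run triage after investigation)."""
    return replace(f, **changes)


def urgency(f: Finding) -> str:
    """Assumed mapping from assessed facts to ticket urgency; unknown reachability counts as reachable."""
    if not in_affected_range(f.installed, f.affected_lo, f.fixed_in):
        return "not affected"
    if f.reachable is False:
        return "low"
    score = {"RCE": 2, "info leak": 1}.get(f.impact, 0)
    score += int(f.internet_exposed) + int(f.exploit_mature)
    return "critical" if score >= 4 else "high" if score == 3 else "medium" if score == 2 else "low"


def triage(f: Finding, graph: Dict[str, List[str]], root: str) -> Dict[str, str]:
    """Fill the output template fields from the finding and the dependency graph."""
    paths = dependency_paths(graph, root, f.package)
    direct = any(len(p) == 2 for p in paths)
    parents = sorted({p[-2] for p in paths if len(p) > 2})
    if direct and not parents:
        fix = f"Upgrade {f.package} to {f.fixed_in} (direct dependency)"
    elif direct:
        fix = (f"Upgrade direct dependency {f.package} to {f.fixed_in}; "
               f"pin/override the copy pulled in via {', '.join(parents)}")
    else:
        fix = (f"Upgrade {', '.join(parents)} to a release requiring {f.package} >= {f.fixed_in}, "
               f"or pin/override the transitive version to {f.fixed_in}")
    reach = {True: "vulnerable code path is used", False: "vulnerable code path not used",
             None: "reachability unknown; treated as reachable"}[f.reachable]
    return {
        "CVE / Package": f"{f.cve} / {f.package}",
        "Affected versions / current version": f">={f.affected_lo},<{f.fixed_in} / {f.installed}",
        "Exploit preconditions": (f"{f.impact}; exploit maturity: "
                                  f"{'public' if f.exploit_mature else 'none known'}; "
                                  f"{'internet-exposed' if f.internet_exposed else 'behind auth'}"),
        "Reachability assessment": f"{reach} ({'direct' if direct else 'transitive'}; urgency {urgency(f)})",
        "Recommended fix": fix,
        "Validation / rollout notes": (f"Minimal jump {f.installed} -> {f.fixed_in}; re-run the regression "
                                       f"test for the vulnerable behaviour; confirm the lockfile resolves "
                                       f"no {f.package} < {f.fixed_in}"),
    }


def render(report: Dict[str, str]) -> str:
    """Output template as a bullet list, one line per field."""
    return "\n".join(f"- {k}: {v}" for k, v in report.items())


# Constructed sample data: placeholder names, not a real advisory or project.
EXAMPLE_GRAPH = {"my-service": ["web-framework", "json-lib"],
                 "web-framework": ["json-lib", "logger"], "logger": [], "json-lib": []}
EXAMPLE_FINDING = Finding(cve="CVE-XXXX-NNNNN", package="json-lib", installed="2.14.1",
                          affected_lo="2.0.0", fixed_in="2.15.0", impact="RCE",
                          reachable=True, internet_exposed=True, exploit_mature=True)

if __name__ == "__main__":
    print(render(triage(EXAMPLE_FINDING, EXAMPLE_GRAPH, "my-service")))
```

In the constructed graph `json-lib` is both a direct dependency of `my-service` and a transitive one via `web-framework`, so the recommended fix covers both copies; re-running `triage` on `variant(EXAMPLE_FINDING, reachable=False)` after the reachability investigation drops the urgency without changing the rest of the ticket.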
Repo integration (optional)
Related prompt:
dependency-cve-triage.prompt.md
Score
Total Score: 65/100
Based on repository quality metrics
- ✓ SKILL.md: a SKILL.md file is included (+20)
- ○ LICENSE: a license is set (0/10)
- ✓ Description: has a description of 100 characters or more (+10)
- ○ Popularity: 100 or more GitHub stars (0/15)
- ✓ Recent activity: updated within the last month (+10)
- ○ Forks: forked 10 or more times (0/5)
- ✓ Issue management: fewer than 50 open issues (+5)
- ✓ Language: a programming language is set (+5)
- ✓ Tags: one or more tags are set (+5)