Found 49 Skills
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
Audits project dependencies for license compliance, maintenance health, security vulnerabilities, and bloat. Analyzes both direct and transitive dependency trees, detects abandoned packages, identifies license conflicts (copyleft, unknown), checks for known CVEs, and finds unused or duplicate dependencies. Triggers on: "audit dependencies", "dependency check", "license check", "dependency health", "abandoned packages", "bloat check", "unused dependencies", "security audit dependencies", "dependency review", "license compliance", "package audit", "supply chain", "dependency risk". Use this skill when reviewing project dependencies for risk.
Audit project dependencies for risk when the user asks to check dependencies, audit packages, review dependency health, check for vulnerabilities, or assess supply chain risk.
Identify make-buy-partner relationships for key activities. Use for strategic alliances, outsourcing decisions, and supply chain optimization.
Create OPA governance policies for Harness via MCP. Define policies that enforce compliance rules on pipelines, services, environments, feature flags, artifacts, code repositories, templates, SBOM, security tests, Terraform, GitOps, connectors, secrets, and more. Use when asked to create, write, fix, or explain an OPA policy, Rego rule, deny rule, governance policy, compliance rule, or policy-as-code for any Harness entity. Trigger phrases: create policy, OPA policy, governance policy, compliance rule, rego policy, deny rule, enforce policy, security policy, supply chain governance.
Analyze supply chain operations using the SCOR model across Plan, Source, Make, Deliver, and Return processes. Use this skill when the user needs to optimize supply chain efficiency, evaluate supplier performance, improve logistics, or design an end-to-end supply chain strategy — even if they say 'our deliveries are slow', 'supply chain costs are too high', or 'we keep running out of stock'.
Analyze and mitigate the bullwhip effect where demand variability amplifies upstream in supply chains. Use this skill when the user needs to diagnose order variability amplification, quantify the bullwhip ratio, or implement dampening strategies — even if they say 'why are our orders so volatile', 'supply chain variability', or 'demand amplification problem'.
Solve the newsvendor problem for single-period ordering decisions under uncertain demand. Use this skill when the user needs to determine optimal order quantity for perishable goods, seasonal products, or one-time purchase decisions — even if they say 'how much to order for this season', 'perishable inventory', or 'single-period ordering'.
Rust security skill for supply chain safety and memory-safe development. Use when auditing dependencies with cargo-audit, enforcing policies with cargo-deny, reviewing RUSTSEC advisories, writing memory-safe FFI patterns, or integrating fuzzing and Miri into a security review pipeline. Activates on queries about cargo-audit, cargo-deny, RUSTSEC advisories, supply chain security, Rust CVEs, safe FFI, or fuzzing for security.
Security audit and vulnerability scanning for AI agent skills before installation. Detects prompt injection in SKILL.md files, dangerous code patterns (eval, exec, subprocess), network exfiltration, credential harvesting, dependency supply chain risks, file system boundary violations, and obfuscation. Produces PASS/WARN/FAIL verdicts with remediation guidance. Use when evaluating untrusted skills, pre-install security gates, or auditing skill repositories.
Codified expertise for demand forecasting, safety stock optimisation, replenishment planning, and promotional lift estimation at multi-location retailers.
Write, review, or architect CI/CD pipelines -- GitHub Actions, GitLab CI, Forgejo. Covers pipeline security, SHA pinning, SBOM, and runner configuration. Triggers: 'ci/cd', 'pipeline', 'github actions', 'gitlab ci', 'forgejo', '.github/workflows', 'runner', 'sha pinning'.