Package agent skills from SocketDev/skills into the Dockyard registry.
Source
25879b0 (2026-04-16)
Rationale
Socket.dev is a first-party supply-chain security vendor. Their skills pack covers dependency scanning, inspection, and remediation workflows — strong overlap with Dockyard's supply-chain-risk-auditor (Trail of Bits).
Candidate skills
skills/socket-scan — dependency scanning via Socket CLI (SBOM, reachability, license compliance)
skills/socket-inspect — package inspection
skills/socket-fix/socket-dep-cleanup
skills/socket-fix/socket-dep-patch
skills/socket-fix/socket-dep-replace
skills/socket-fix/socket-dep-upgrade
Exact paths to confirm at packaging time.
Acceptance criteria
spec.yaml per selected skill under skills/<name>/
spec.ref pinned to an audited upstream commit SHA
task validate-skill passes for each
task scan-skill findings triaged
skills/socketdev)
Part of the vendor-by-vendor sweep following #466 (Trail of Bits).