TopRank Skills

skill-dependency-chain-auditor

Helps audit transitive skill dependency chains in agent compositions — catching the class of risk where a skill's direct dependencies appear safe but a dependency-of-a-dependency introduces a vulnerability that propagates up the entire chain.

Stars: 0
Installs: 0
Status: ACTIVE
Visibility: PUBLIC

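Installation

Copy the prompt below and send it to your AI assistant to complete the installation.

First check whether the SkillHub store is installed. If it is not, install the SkillHub store following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the skill-dependency-chain-auditor skill. If it is already installed, install the skill-dependency-chain-auditor skill directly.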

Overview

Skill Key: andyxinweiminicloud/skill-dependency-chain-auditor
Author: andyxinweiminicloud
Source Repo: openclaw/skills
Version: 1.0.0
Source Path: skills/andyxinweiminicloud/skill-dependency-chain-auditor
Latest Commit SHA: 2d630d30fc1ba365e890d40f967f6337b0545134

Extracted Content

SKILL.md excerpt

# Your Skill's Dependency Is Safe. Its Dependency's Dependency Is Not.

> Helps identify vulnerabilities in transitive skill dependency chains —
> the attack surface that direct dependency auditing cannot see.

## Problem

Agent skills rarely operate in isolation. A skill that provides a useful
capability often depends on other skills for sub-capabilities: a data
processing skill may depend on a file parsing skill that depends on a format
conversion skill. Each link in this dependency chain is a potential
vulnerability entry point — and auditing only the top-level skill misses
everything below it.

The transitive dependency problem in agent ecosystems mirrors the problem
that produced major software supply chain incidents: auditors focused on the
immediate code, not the full dependency tree. An attacker who cannot
compromise a well-audited top-level skill can achieve the same result by
compromising a less-scrutinized dependency that the top-level skill trusts
implicitly.

Transitive dependencies compound the blast radius problem. A vulnerability
in a foundational skill used by many other skills as a dependency propagates
upward through the entire dependency graph. An agent with five installed
skills, each depending on three sub-skills, may have an effective dependency
surface of fifteen or more skills — most of which received no direct review
at install time.

The audit gap is structural. Standard skill marketplace reviews evaluate
published skills as independent units. They do not trace dependency chains,
assess the composition of trust across dependency links, or flag cases where
a safe skill depends on an unaudited or compromised skill. The trust granted
to a skill implicitly extends to everything it depends on — and that implicit
extension is unverified.
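
The gap described above can be shown on a small graph. The following is an added example, not code from this skill or from OpenClaw: it walks each installed skill's full dependency chain, flags every reachable skill that was never directly reviewed, and reports which installed skills it affects and through which chain. The name-to-list dependency map, the reviewed set and all skill names are constructed assumptions.

```python
from collections import deque

# Constructed sample data: skill -> direct dependencies (hypothetical names).
DEPENDS_ON = {
    "data-processing": ["file-parsing", "schema-check"],
    "file-parsing": ["format-conversion"],
    "schema-check": ["byte-utils"],
    "report-writer": ["format-conversion"],
    "format-conversion": ["byte-utils"],
    "byte-utils": ["format-conversion"],  # cycle: the walk must still terminate
}
# Constructed: skills that received a direct review at install time.
REVIEWED = {"data-processing", "report-writer", "file-parsing", "schema-check"}


def transitive_chains(root, graph):
    """Return {dependency: shortest chain from root} for every reachable skill."""
    chains = {root: [root]}
    queue = deque([root])
    while queue:
        skill = queue.popleft()
        # A skill with no entry in the map is treated as having no dependencies.
        for dep in graph.get(skill, []):
            if dep not in chains:  # visited check also breaks cycles
                chains[dep] = chains[skill] + [dep]
                queue.append(dep)
    del chains[root]
    return chains


def audit(installed, graph, reviewed):
    """Flag unreviewed skills reachable from installed ones, with blast radius."""
    findings = {}
    for root in installed:
        for dep, chain in transitive_chains(root, graph).items():
            if dep in reviewed:
                continue
            entry = findings.setdefault(dep, {"affects": set(), "chains": []})
            entry["affects"].add(root)
            entry["chains"].append(" -> ".join(chain))
    return findings


if __name__ == "__main__":
    installed = ["data-processing", "report-writer"]
    for dep, f in audit(installed, DEPENDS_ON, REVIEWED).items():
        print(f"UNREVIEWED {dep}: affects {sorted(f['affects'])}")
        for chain in f["chains"]:
            print("    via", chain)
```

In this sample every direct dependency of `data-processing` is reviewed, yet both installed skills still reach two unreviewed skills one level further down.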

## What This Audits

This auditor examines skill dependency chain integrity across five dimensions:

1. **Transitive dependency inventory** — What is the complete set of s...
