---
name: dependency-security-review
description: Review and remediate dependency vulnerabilities without accepting unsafe blanket upgrades.
---

1. Read repository instructions and identify the authoritative manifests and lock files.
2. Run the ecosystem's audit and outdated checks; retain advisory identifiers and affected dependency paths.
3. Separate exploitable production exposure from development-only or unreachable findings.
4. Propose the smallest compatible upgrade set and explain breaking-change risk.
5. Apply upgrades in reviewable groups, never with an unreviewed force option.
6. Run tests, builds and the audit again; report resolved, accepted and remaining findings.
