Dependency Vulnerability Scanner
Scans project dependencies using OSV.dev API and Snyk CLI for known CVEs across npm, PyPI, Maven, and Go modules. Generates SBOM in CycloneDX format via syft.
npx skills add agentskillexchange/skills --skill dependency-vulnerability-scanner-agent
The Dependency Vulnerability Scanner identifies known security vulnerabilities in project dependencies across multiple package ecosystems. It uses the OSV.dev API for open-source vulnerability database queries and the Snyk CLI for commercial-grade vulnerability intelligence with fix recommendations. The skill parses lockfiles from npm (package-lock.json), pip (requirements.txt, Pipfile.lock), Maven (pom.xml), Go (go.sum), and Cargo (Cargo.lock) to build a complete dependency graph including transitive dependencies. Each dependency is checked against the National Vulnerability Database via the NVD API 2.0 with CVSS v3.1 scoring. Software Bill of Materials generation uses Anchore’s syft tool to produce CycloneDX and SPDX SBOM formats for compliance reporting. The skill prioritizes vulnerabilities by exploitability using the EPSS (Exploit Prediction Scoring System) API and CISA Known Exploited Vulnerabilities catalog. Automated pull requests for dependency updates are created using the GitHub API with version constraint analysis to minimize breaking changes.
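The core loop described above (parse a lockfile, including transitive entries, query OSV.dev in a batch, then rank what comes back by KEV membership and EPSS before CVSS) is worth seeing end to end. The following Python is an added example written for this page, not the skill's own code. It assumes the npm lockfileVersion 3 "packages" layout, the positional shape of the OSV.dev /v1/querybatch response (results[i] answers queries[i]), and a constructed enrichment table standing in for the NVD, EPSS and CISA KEV lookups; the lockfile, vulnerability ids, CVE ids and scores are all constructed placeholders and no network call is made.

```python
"""Offline walk-through of the OSV.dev querybatch flow for an npm lockfile.

Added example, not part of the skill: builds a package-lock.json (v3 layout) in
memory, produces the /v1/querybatch payload a scanner would POST, then ranks a
constructed OSV/EPSS/KEV result set by exploitability. Every id and score below
is a constructed placeholder.
"""
import json

OSV_QUERYBATCH_URL = "https://api.osv.dev/v1/querybatch"  # real endpoint, not called here

# Constructed package-lock.json (lockfileVersion 3). Keys of "packages" are paths
# under node_modules; the "" key is the root project itself, not a dependency.
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-lib": {"version": "1.2.3"},
        "node_modules/left-lib/node_modules/deep-lib": {"version": "0.9.0"},  # transitive
        "node_modules/@scope/ui-lib": {"version": "2.0.0", "dev": True},
    },
})


def parse_package_lock(text):
    """Return [(name, version)] for every installed package, transitive ones included."""
    data = json.loads(text)
    if data.get("lockfileVersion", 1) < 2:
        raise ValueError("only lockfileVersion 2/3 ('packages' layout) is handled here")
    found = []
    for path, meta in data["packages"].items():
        if path == "":  # root project entry
            continue
        # The package name is everything after the last "node_modules/" segment,
        # which keeps scoped names such as "@scope/ui-lib" intact.
        name = path.rsplit("node_modules/", 1)[1]
        found.append((name, meta["version"]))
    return found


def build_osv_batch(packages, ecosystem="npm"):
    """Build the JSON body for POST /v1/querybatch: one query per package@version."""
    return {"queries": [{"package": {"name": n, "ecosystem": ecosystem}, "version": v}
                        for n, v in packages]}


# Constructed stand-ins for what the live services would return.
# OSV querybatch answers positionally: results[i] belongs to queries[i].
SAMPLE_OSV_RESPONSE = {"results": [
    {"vulns": [{"id": "GHSA-xxxx-left-0001"}]},
    {"vulns": [{"id": "GHSA-xxxx-deep-0002"}, {"id": "GHSA-xxxx-deep-0003"}]},
    {},  # no findings for the third package
]}
# OSV id -> CVE alias, CVSS v3.1 base score, EPSS probability, KEV membership.
# A real scanner fills this from /v1/vulns/{id}, NVD, the FIRST EPSS API and the KEV feed.
SAMPLE_ENRICHMENT = {
    "GHSA-xxxx-left-0001": {"cve": "CVE-0000-00001", "cvss": 9.8, "epss": 0.02, "kev": False},
    "GHSA-xxxx-deep-0002": {"cve": "CVE-0000-00002", "cvss": 7.5, "epss": 0.91, "kev": True},
    "GHSA-xxxx-deep-0003": {"cve": "CVE-0000-00003", "cvss": 5.3, "epss": 0.01, "kev": False},
}


def prioritize(packages, osv_response, enrichment):
    """Join OSV findings back to packages and sort: KEV first, then EPSS, then CVSS."""
    findings = []
    for (name, version), result in zip(packages, osv_response["results"]):
        for vuln in result.get("vulns", []):
            info = enrichment.get(vuln["id"], {"cve": None, "cvss": 0.0, "epss": 0.0, "kev": False})
            findings.append({"package": name, "version": version, "osv_id": vuln["id"], **info})
    # A KEV entry outranks any score; among the rest, observed exploitation
    # probability (EPSS) outranks theoretical severity (CVSS).
    findings.sort(key=lambda f: (f["kev"], f["epss"], f["cvss"]), reverse=True)
    return findings


if __name__ == "__main__":
    pkgs = parse_package_lock(SAMPLE_PACKAGE_LOCK)
    print(json.dumps(build_osv_batch(pkgs), indent=2))
    for f in prioritize(pkgs, SAMPLE_OSV_RESPONSE, SAMPLE_ENRICHMENT):
        print(f"{f['package']}@{f['version']} {f['osv_id']} kev={f['kev']} "
              f"epss={f['epss']} cvss={f['cvss']}")
```

Note the ordering that falls out: the medium-CVSS finding that is in the KEV catalog and has a high EPSS score is ranked above the 9.8 that nobody is known to be exploiting, which is exactly the reordering the EPSS/KEV step in the description is meant to produce. The third package yields an empty result object, so a scanner must tolerate a missing "vulns" key rather than assume every result carries one.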