Skip to content
Flows
Dependency and Supply-Chain Scanning for Agents
Agent QA & Security60-90 minutes
0/4 steps0%

Step 1 of 4

Intercept dependency additions

Every new dependency is a trust decision - catch it at the source.

Prompt capsule

Hook the dependency-adding actions. Identify every way the agent can add a dependency: package-manager install commands (pip install, npm/yarn add, etc.), direct edits to manifests (requirements.txt, package.json, pyproject, go.mod), and lockfile edits. Route these through a supply-chain gate before they take effect: parse out the package name(s) and version(s) being added, and pause for the checks (next steps) rather than executing immediately. Distinguish adding a NEW dependency (full gate) from updating an existing reviewed one (lighter path). Ensure no install path bypasses the gate - including the agent writing a manifest and running install as separate steps. Verify by having the agent attempt an install and confirming the gate intercepts it.

Paste into Claude · Complete implementation prompt with explicit requirements

Expected after this step

All dependency-adding paths intercepted before taking effect.

Should not happen

  • Letting the agent install anything it names, hallucinations included
  • Slopsquatting: installing a malicious lookalike of a real popular package
  • No vulnerability scanning, so known-CVE packages ship
  • Manifest edited but lockfile not updated, so installs drift from review

Verify before continuing

Do not move on until every check is true. The complete button stays locked until then.

Do not continue if…

  • !Letting the agent install anything it names, hallucinations included
  • !Slopsquatting: installing a malicious lookalike of a real popular package
  • !No vulnerability scanning, so known-CVE packages ship
  • !Manifest edited but lockfile not updated, so installs drift from review

If the AI messes this up

Use this when the AI fakes progress or breaks the feature. It forces a real fix.

The agent edited the manifest then installed, dodging the gate. Gate on the manifest/lockfile change too, not just the install command - and treat installing after a just-made manifest edit as the same reviewable event.

Your notes for this step