github · MabCloud · Apr 16, 2026 · Apr 16, 2026
diff --git a/.github/plugin/marketplace.json b/.github/plugin/marketplace.json
@@ -33,7 +33,8 @@
       "description": "Advanced Security plugin for GitHub Copilot.",
       "version": "1.0.0",
       "skills": [
-        "./skills/secret-scanning"
+        "./skills/secret-scanning",
+        "./skills/dependency-scanning"
       ]
     }
   ]

diff --git a/plugins/advanced-security/README.md b/plugins/advanced-security/README.md
@@ -4,14 +4,19 @@ Security-focused plugin that brings GitHub Advanced Security capabilities into A
 
 ## What it does
 
-Advanced Security helps agents identify and prevent credential exposure during development by:
+Advanced Security helps agents identify and prevent security risks during development by:
 
 - Scanning code snippets, files, and git changes for potential secrets
 - Using GitHub secret detection patterns through MCP tooling
 - Supporting pre-commit checks to catch leaked credentials early
+- Auditing project dependencies for known CVEs and security advisories across multiple ecosystems
 
 ## Skills
 
 ### `secret-scanning`
 
 Activated when a user asks to check code, files, or git changes for exposed credentials. Uses the `run_secret_scanning` MCP tool to scan content for potential secrets before code is committed.
+
+### `dependency-scanning`
+
+Activated when a user asks to audit dependencies, check for known vulnerabilities, or find CVEs in project packages. Automatically detects the package manager in use (npm, Yarn, pnpm, pip, Cargo, bundler, Go modules, or .NET) and runs the appropriate native audit tool to surface vulnerable packages with severity levels and remediation guidance.