Install: claude install-skill NASA-PDS/pds-agent-skills
# Dependabot Alerts Exporting Skill
This skill fetches all Dependabot dependency vulnerability alerts from GitHub for repositories under the NASA PDS organization and exports them to JSON for triage.
Dependabot alerts surface known CVEs in third-party package dependencies — these are generally more critical than static analysis findings because they represent exploitable vulnerabilities in widely-known packages, often with public proof-of-concept exploits.
## Prerequisites
- Node.js v18 or higher
- `GITHUB_TOKEN` environment variable with `security_events` scope
  - Org members: token needs `security_events` scope
  - Org admins: token needs `read:org` + `repo` scopes
  - Quickest approach: `export GITHUB_TOKEN=$(gh auth token)`
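The scope requirements above can be verified before an export without ever printing the token. This is an added example, not part of the skill's own scripts: it assumes a classic personal access token, whose API responses carry the `X-OAuth-Scopes` header, and the function names and sample headers are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: check captured response headers against the scope
# prerequisites listed above. Live headers can be captured with:
#   curl -sS -o /dev/null -D - -H "Authorization: Bearer $GITHUB_TOKEN" \
#     https://api.github.com/user | token_scope_status

# Read raw HTTP headers on stdin; print one granted scope per line.
# Header names are case-insensitive and lines end in CRLF on the wire.
scopes_from_headers() {
  tr -d '\r' | grep -i '^x-oauth-scopes:' | cut -d: -f2- |
    tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Exact whole-line match, so "public_repo" never satisfies "repo".
has_scope() { printf '%s\n' "$1" | grep -qxF -- "$2"; }

# Prints ok-admin, ok-member, insufficient or no-scope-header.
# Returns 0 when either prerequisite set is met, non-zero otherwise.
token_scope_status() {
  local headers scopes
  headers=$(cat)
  if ! printf '%s\n' "$headers" | grep -qi '^x-oauth-scopes:'; then
    echo "no-scope-header"   # nothing to check in this response
    return 2
  fi
  scopes=$(printf '%s\n' "$headers" | scopes_from_headers)
  if has_scope "$scopes" "read:org" && has_scope "$scopes" "repo"; then
    echo "ok-admin"          # org admin prerequisite: read:org + repo
  elif has_scope "$scopes" "security_events"; then
    echo "ok-member"         # org member prerequisite: security_events
  else
    echo "insufficient"
    return 1
  fi
}

# Constructed sample headers (not captured from a real account).
sample=$(printf 'HTTP/2 200\r\nX-OAuth-Scopes: read:org, repo\r\n')
printf '%s\n' "$sample" | token_scope_status
```
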
## Workflow Position
```
1. dependabot-alerts-exporting → THIS SKILL: Export alerts to JSON
2. dependabot-alerts-triaging → Analyze & suggest triage decisions
3. (Manual) → Dismiss alerts via GitHub UI or API
```
## Execution Steps
### Step 0: Confirm Output Directory
Before writing any files, ask the user where to save output:
```
Where should I save the export files?
1. Current directory: <show $PWD>
2. /tmp
3. Custom path
```
Store the choice as `OUTPUT_DIR`. Never write output files inside the skill's own directory.
### Step 1: Check for GitHub Token
```bash
# Report presence only; never print the token value.
[ -n "${GITHUB_TOKEN:-}" ] && echo "set" || echo "not set"
```
If not set, guide the user:
- "A GitHub token is required to access Dependabot alerts."
- "Quickest