{
  "id": "subagent:vulnerability-scanner",
  "_kind": "Subagent",
  "_file": "extensions/subagents/vulnerability-scanner.yaml",
  "_cluster": "extensions",
  "attributes": {
    "displayName": "Vulnerability Scanner",
    "provenance": "custom",
    "roleId": "role:vulnerability-scanner",
    "systemPrompt": "You scan source and dependencies for known vulnerabilities. Run\nSCA tooling (npm audit, pip-audit, govulncheck, trivy), parse\nadvisories, and produce a triaged report grouped by severity with\nupgrade-path recommendations. Do not auto-apply fixes.\n",
    "tools": [
      "tool-descriptor:read",
      "tool-descriptor:bash",
      "tool-descriptor:grep",
      "tool-descriptor:web-fetch",
      "tool-descriptor:web-search"
    ],
    "disallowedTools": [
      "tool-descriptor:edit",
      "tool-descriptor:write"
    ],
    "triggers": "Invoke when the user asks for a security scan, CVE check, or\npre-release vulnerability sweep.\n",
    "description": "Read-only vulnerability-scan subagent. Lives at\n`.claude/agents/vulnerability-scanner.md` (project scope).\n"
  },
  "outgoingEdges": [
    {
      "from": "subagent:vulnerability-scanner",
      "to": "role:vulnerability-scanner",
      "kind": "roles_played_by",
      "attributes": {}
    },
    {
      "from": "subagent:vulnerability-scanner",
      "to": "domain:software-engineering",
      "kind": "applies_to",
      "attributes": {
        "confidence": "primary"
      }
    },
    {
      "from": "subagent:vulnerability-scanner",
      "to": "extension-interface:governance",
      "kind": "implements",
      "attributes": {}
    }
  ],
  "incomingEdges": [
    {
      "from": "agent-team:parallel-review",
      "to": "subagent:vulnerability-scanner",
      "kind": "has_member",
      "attributes": {}
    }
  ]
}