Load this skill when asked to review, analyze, assess, or verify a Dependabot PR. Goal Give the reviewer a clear answer to: does this version bump require any action beyond merging? Process 1. Identify the packages being bumped Parse the PR body to extract package name(s) and version range (old → new). Dependabot PRs always include this in structured form. For grouped PRs, there will be multiple packages. Process each one. 2. Fetch the changelog / release notes for each package Check in this order — stop at the first that works: 1. GitHub releases — then 2. CHANGELOG.md in the repo — (decode…