## Overview

Supply chain attacks bypass traditional code review by compromising upstream dependencies. This skill provides patterns for detecting, preventing, and responding to compromised packages in Python ecosystems.

## When To Use

- After a supply chain advisory is published
- When auditing dependencies for a new or existing project
- During incident response for a suspected compromise
- When adding the SessionStart hook to a project

## When NOT To Use

- General CVE triage unrelated to dependency supply chain
- Application-level vulnerability scanning (use a SAST tool)
- License compliance audits…
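The first two "When To Use" cases (an advisory has just been published, or a project's dependencies are being audited) come down to one check: does any pinned package in the project match a version named in the advisory, and is anything left unpinned so that it cannot be checked at all? The following is an added example, not code from this skill; the advisory entries, package names and requirements text are all constructed sample data.

```python
"""Match a requirements file against a supply-chain advisory (added example)."""
import re
from dataclasses import dataclass

# Normalise names the way PEP 503 does, so "Example_HTTP" == "example-http".
def normalize(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()

# Constructed advisory: normalised package name -> versions known to be compromised.
ADVISORY = {
    "example-http": {"2.3.1", "2.3.2"},
    "example-cli": {"0.9.0"},
}

# name, optional extras, optional operator + version, optional extra specifiers / markers.
_REQ = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*"
    r"(?:(===|==|~=|>=|<=|!=|>|<)\s*([A-Za-z0-9.*+!-]+))?(?:\s*,.*)?(?:\s*;.*)?$"
)

@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    status: str  # "compromised" (version named in advisory) or "unpinned" (not checkable)

def audit_requirements(text: str, advisory: dict = ADVISORY) -> list:
    findings = []
    for raw in text.splitlines():
        # Drop comments and line continuations; skip blank lines and options (-r, --hash ...).
        line = raw.split("#", 1)[0].strip().rstrip("\\").strip()
        if not line or line.startswith("-"):
            continue
        m = _REQ.match(line)
        if not m:  # URLs, editable installs etc. are out of scope for this check
            continue
        name, op, ver = normalize(m.group(1)), m.group(2), m.group(3)
        if op != "==":
            findings.append(Finding(name, ver or "*", "unpinned"))
        elif ver in advisory.get(name, set()):
            findings.append(Finding(name, ver, "compromised"))
    return findings

# Constructed requirements text exercising comments, hashes, markers and an -r line.
SAMPLE = """\
# constructed requirements file
Example_HTTP==2.3.1 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
example-cli==0.9.1
requests>=2.28 ; python_version >= "3.8"
-r other.txt
"""
```

A pinned version that is not in the advisory produces no finding; only advisory hits and unpinned specifiers are reported.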