{
  "skill": "semgrep",
  "kind": "external",
  "needs": [
    "code-for-sast"
  ],
  "produces": [
    "sast-report"
  ],
  "constraints": [
    "SAST бинарь + MCP",
    "НЕ секреты в diff (gitleaks)",
    "НЕ глубокий on-demand аудит (Trail of Bits)"
  ],
  "preview-form": "none",
  "defaults": [
    "npm run sast"
  ],
  "key-decisions": [
    "scope скана; реальная уязвимость vs false-positive"
  ],
  "acceptance-criteria": [
    "0 уязвимостей высокого риска"
  ],
  "source": {
    "version": "n/a",
    "hash": "0000000000000000000000000000000000000000000000000000000000000000",
    "path": ""
  }
}