feat(skills): add forge-audit-deps dependency audit skill #9

@mgratzer

Description

Summary

New standalone skill that audits Node.js project dependencies interactively — analyzing security, maintenance status, necessity, and health — producing a prioritized action plan.

Problem / Motivation

Dependency auditing is a recurring manual task. An existing guide covers the process well but isn't structured as a reusable Claude Code skill. Bringing it into forge makes the audit repeatable, interactive, and consistent.

Proposed Solution

skills/forge-audit-deps/SKILL.md — a read-only analysis skill with 8 process steps:

  1. Detect package manager & project type — lockfile detection (package-lock.json, pnpm-lock.yaml, yarn.lock, bun.lock), classify project (API / SPA / library / CLI) to calibrate thresholds
  2. Gather current state — dep counts, node_modules size, npm audit / equivalent, npm outdated / equivalent, present overview dashboard
  3. Analyze each production dependency — transitive deps, size, maintenance status, the "50 lines" decision tree (could you replace this dep with ~50 lines of code?)
  4. Categorize & present findings — 🟢 Excellent / 🟡 Acceptable / 🔴 Questionable, batched by category with AskUserQuestion pauses
  5. Identify removable deps — unused (via depcheck / grep), redundant @types/*, native API replacements
  6. Security & version assessment — vulnerability details, pinning recommendations for 0.x packages
  7. Generate prioritized action items — Immediate (security) → Quick Wins (unused deps) → Medium Effort (replacements) → Consider Later
  8. Summary dashboard — counts, ratings breakdown, potential impact metrics

Design Decisions

  • allowed-tools: Read, Bash, Grep, Glob — no Write, enforcing read-only analysis
  • No disable-model-invocation — safe for auto-invocation since read-only
  • Production deps only in v1 — devDeps have different evaluation criteria (future enhancement)
  • Related Skills references forge-create-issue and forge-implement-issue but is NOT part of the 6-skill pipeline (no "Full workflow" line)
  • Gist linked as source material, not copied verbatim — content needs reshaping from reference doc into step-by-step skill prompt

Key Transformation Work (gist → skill)

  • Add interaction design (AskUserQuestion pauses, batched output)
  • Add error handling paths (no node_modules, no lockfile, audit command failures)
  • Add project type detection and threshold calibration
  • Add prioritization framework for action items (severity × effort)
  • Restructure from human reference format to Claude Code instruction format
  • Follow forge section order: frontmatter → title → Input → Process → Guidelines → Related Skills → Example Usage

Acceptance Criteria

  • skills/forge-audit-deps/SKILL.md created following coding-guidelines section order
  • YAML frontmatter with name, description, allowed-tools
  • 8 process steps with valid bash examples for all 4 package managers (npm, pnpm, yarn, bun)
  • Interactive output via AskUserQuestion (batched findings, not wall of text)
  • Error handling for missing node_modules, missing lockfile, failed audit commands
  • Project type detection with calibrated thresholds
  • Prioritized action items (security → quick wins → medium effort → deferred)
  • Related Skills section referencing forge-create-issue and forge-implement-issue
  • docs/architecture.md updated to document standalone utility skill
  • README.md updated with forge-audit-deps entry

Additional Context

  • Reference material: Dependency Audit Guide gist
  • Files to create: skills/forge-audit-deps/SKILL.md
  • Files to modify: docs/architecture.md, README.md
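Process steps 1 and 2 and the error-handling paths the issue lists (no lockfile, no node_modules, failed audit command), as an added POSIX shell example that is not code from the forge project or from the referenced gist. The yarn classic `yarn audit --json` form and the existence of a `bun audit` subcommand are assumptions.

```shell
# Added example, not forge's or the gist's code: lockfile-based package manager
# detection (step 1), per-manager audit command (step 2) and the error paths.

# detect_pm DIR -> prints npm | pnpm | yarn | bun, or "none" when no supported
# lockfile exists. package-lock.json is checked last so a stray one left by an
# accidental "npm install" does not mask the project's real manager.
detect_pm() {
  dir=${1:-.}
  if   [ -f "$dir/pnpm-lock.yaml" ];    then echo pnpm
  elif [ -f "$dir/yarn.lock" ];         then echo yarn
  elif [ -f "$dir/bun.lock" ];          then echo bun
  elif [ -f "$dir/package-lock.json" ]; then echo npm
  else echo none
  fi
}

# audit_cmd PM -> vulnerability audit command for that manager. The yarn
# classic form and the existence of "bun audit" are assumptions here.
audit_cmd() {
  case "$1" in
    npm)  echo "npm audit --json" ;;
    pnpm) echo "pnpm audit --json" ;;
    yarn) echo "yarn audit --json" ;;
    bun)  echo "bun audit" ;;
    *)    return 1 ;;
  esac
}

# preflight DIR -> 0 when the audit can run, 2 with no lockfile, 3 with no
# node_modules (the installed tree is needed for size/transitive analysis).
preflight() {
  dir=${1:-.}
  [ "$(detect_pm "$dir")" != none ] ||
    { echo "error: no lockfile found in $dir" >&2; return 2; }
  [ -d "$dir/node_modules" ] ||
    { echo "error: node_modules missing in $dir; run an install first" >&2; return 3; }
}

# run_audit DIR -> prints the audit output. npm audit exits non-zero when it
# finds vulnerabilities, so exit status alone is not a failure signal; empty
# output is, and is reported as status 4.
run_audit() {
  dir=${1:-.}
  preflight "$dir" || return $?
  pm=$(detect_pm "$dir")
  out=$(cd "$dir" && $(audit_cmd "$pm") 2>/dev/null) || true
  [ -n "$out" ] || { echo "error: audit via $pm produced no output" >&2; return 4; }
  printf '%s\n' "$out"
}
```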
