Update more AI skills #3460

Merged
mattleibow merged 1 commit into main from dev/skils
Jan 27, 2026

@mattleibow
Contributor

This pull request introduces a new security audit skill for SkiaSharp's native dependencies and refines the workflow for updating those dependencies. The main focus is to clearly separate the processes for security auditing (read-only investigation and reporting) and for updating/fixing dependencies. Documentation has been enhanced to guide users on when to use each skill, ensure a more thorough and auditable update process, and prevent common mistakes.

Security Audit Skill Addition:

  • Introduced a new security-audit skill that provides a comprehensive, read-only workflow for auditing SkiaSharp's native dependencies for CVEs and security issues, including detailed reporting, prioritization, and actionable recommendations.
  • Added a reference document listing known false positive CVEs (e.g., MiniZip in zlib) that do not affect SkiaSharp, along with evidence and verification steps.

Native Dependency Update Skill Improvements:

  • Clarified that security audits (CVE checks, PR coverage) should use the new security-audit skill, and removed ambiguous triggers from the update skill documentation.
  • Expanded the update workflow to require checking for existing PRs before starting work, evaluating their relevance and currency, and reporting findings to the user before proceeding.
  • Improved instructions for verifying current and target dependency versions, and for presenting findings to the user, including existing PRs and reasons for updates.
  • Simplified and clarified the process for checking CI status and PR merge state, emphasizing the importance of verifying actual PR state rather than just CI status.

Process and Documentation Clarity:

  • Strengthened language to require following every phase of the update workflow and removed ambiguous language that could be interpreted as permission to skip steps.
  • Removed redundant warnings about not pushing directly to main branches, focusing instead on the critical need for PRs and submodule updates.

@mattleibow mattleibow merged commit 85a04ff into main Jan 27, 2026
1 check passed
@mattleibow mattleibow deleted the dev/skils branch January 27, 2026 17:58
@github-actions

Triage Summary

Labels will be applied to indicate the areas affected, specifically relating to updates and improvements in SkiaSharp's native dependencies concerning security auditing and dependency management.

This issue is not a regression, as it does not relate to a previous version's breakdown but rather discusses ongoing improvements.

Additional remarks:

  • The issue does not pertain to a specific operating system or platform and focuses solely on SkiaSharp.
  • There is no information regarding compatibility, performance, or reliability issues, only updates on AI skills related to security.

Detailed Summary and Actions

Summary of the triage:

  • The issue relates to updates in the workflow for SkiaSharp's native dependencies.
  • It specifically discusses improvements concerning security auditing and dependency management.
  • No specific operating system or platform label applies, as the issue is solely about the library.

Summary of the actions that will be performed:

| Action Item | Description |
| --- | --- |
| Apply Label area/SkiaSharp | The issue relates to updates and improvements in SkiaSharp's native dependencies, particularly focusing on security auditing and dependency management. |
| Apply Label backend/SkiaSharp | The issue discusses updates related to SkiaSharp's native dependencies, specifically introducing a new security audit skill for them. |

This entire triage process was automated by AI and mistakes may have been made. Please let us know so we can continue to improve.

@github-actions github-actions bot added area/SkiaSharp Issues that relate to the C# binding of SkiaSharp. backend/SkiaSharp labels Jan 27, 2026
@mattleibow mattleibow added the copilot Created by GitHub Copilot label Feb 2, 2026