OAPE-394

[Phase-2] Improve the CVE Analysis slash command


    • OAPE Sprint 281, OAPE Sprint 282, OAPE Sprint 283

      Improve the CVE analysis tooling as per the feedback received from the Compliance team: https://redhat-internal.slack.com/archives/C08PBL1D8TB/p1765384107342609?thread_ts=1763401688.095809&cid=C08PBL1D8TB

      After looking through the command, I think it could benefit from dividing up some of the items in the phases into skills.md files just in case the model has a smaller context window. Thinking like a skill for understanding the CVE, one for call graph analysis, one for maybe testing results between the build binary and code itself with govulncheck - is the same symbol found after DCE? Also it seems only for Go projects - makes sense, OpenShift. A good enhancement could be making this work for other languages and for containers even. One thing I've found helpful with these commands also is explicit decision points - probably can replace nested conditions with clear branches like:

      *After Phase 1:*

      • IF CVE not found → Ask user for details OR exit
      • IF CVE found → Proceed to Phase 2

      *After Phase 2:*

      • IF NOT AFFECTED → Generate "all clear" report
      • IF AFFECTED → Proceed to Phase 3
      • IF UNCLEAR → Generate "needs manual review" report

      Also probably should move the tools needed into a setup section - engineers may not have govulncheck or call graph installed, best to prompt them early
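The explicit decision points suggested in the feedback, carried through as an added example (not code from the ticket, the slash command or govulncheck itself): it reads govulncheck -json output from a source scan and a binary scan of the same project and returns NOT FOUND, AFFECTED, NOT AFFECTED or UNCLEAR, with the "same symbol after DCE" question routed to manual review. The JSON object shapes, the sample streams and the IDs in them are constructed assumptions, not real advisories.

```python
import json
# Constructed sample govulncheck -json streams (fake IDs; object shapes as assumed here).
SOURCE_SCAN = """
{"osv": {"id": "GO-0000-0001", "aliases": ["CVE-0000-0001"]}}
{"finding": {"osv": "GO-0000-0001", "trace": [{"module": "example.com/lib", "version": "v1.2.0"}]}}
{"finding": {"osv": "GO-0000-0001",
             "trace": [{"module": "example.com/lib", "package": "example.com/lib/parse", "function": "Decode"},
                       {"module": "example.com/app", "package": "example.com/app", "function": "main"}]}}
"""
BINARY_SCAN = """
{"osv": {"id": "GO-0000-0001", "aliases": ["CVE-0000-0001"]}}
{"finding": {"osv": "GO-0000-0001", "trace": [{"module": "example.com/lib", "version": "v1.2.0"}]}}
"""
def iter_objects(stream):
    """Yield each top-level object; the stream is concatenated pretty-printed JSON, not one per line."""
    dec, pos = json.JSONDecoder(), 0
    while pos < len(stream):
        if stream[pos].isspace():
            pos += 1
        else:
            obj, pos = dec.raw_decode(stream, pos)
            yield obj

def summarize(stream):
    """Return (cve alias -> osv id, osv id -> reachable vulnerable symbols)."""
    aliases, symbols = {}, {}
    for obj in iter_objects(stream):
        if "osv" in obj:  # advisory metadata, including CVE aliases
            for alias in obj["osv"].get("aliases", []):
                aliases[alias] = obj["osv"]["id"]
        elif "finding" in obj:
            f = obj["finding"]
            syms = symbols.setdefault(f["osv"], set())
            top = f["trace"][0]  # names a function only when a call path to it was found
            if top.get("function"):
                syms.add(f"{top['package']}.{top['function']}")
    return aliases, symbols

def classify(cve, source_scan, binary_scan):
    src_aliases, src_syms = summarize(source_scan)
    bin_aliases, bin_syms = summarize(binary_scan)
    osv = src_aliases.get(cve) or bin_aliases.get(cve)
    if osv is None:
        return "NOT FOUND"  # Phase 1 exit: ask the user for details or stop
    in_source, in_binary = src_syms.get(osv, set()), bin_syms.get(osv, set())
    if in_source and in_binary:
        return "AFFECTED"  # Phase 2: reachable in the code and still present in the binary
    if not in_source and not in_binary:
        return "NOT AFFECTED"  # module required, but no vulnerable symbol reachable
    return "UNCLEAR"  # code and binary disagree (e.g. symbol dropped by DCE): manual review
```

With the constructed streams, the source scan reaches parse.Decode but the binary scan reports only the module, so the result is UNCLEAR rather than a false "all clear".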

              rh-ee-ckyal Chirag Kyal