Fix uv ecosystem value in dependabot skill (#1990)

* Fix uv ecosystem value in dependabot skill

Dependabot supports the `uv` ecosystem. It should be used rather than `pip`.

https://docs.github.com/en/code-security/reference/supply-chain-security/supported-ecosystems-and-repositories

* Add note to choose uv or pip for dependabot skill
Jiro Matsuzawa
2026-06-15 09:56:29 +09:00
committed by GitHub
parent 8771f74e80
commit 71c55d4e12
+5 -2
@@ -34,7 +34,8 @@ Scan the repository for dependency manifests. Look for:
| Ecosystem | YAML Value | Manifest Files | | Ecosystem | YAML Value | Manifest Files |
|---|---|---| |---|---|---|
| npm/pnpm/yarn | `npm` | `package.json`, `package-lock.json`, `pnpm-lock.yaml`, `yarn.lock` | | npm/pnpm/yarn | `npm` | `package.json`, `package-lock.json`, `pnpm-lock.yaml`, `yarn.lock` |
| pip/pipenv/poetry/uv | `pip` | `requirements.txt`, `Pipfile`, `pyproject.toml`, `setup.py` | | pip/pipenv/poetry | `pip` | `requirements.txt`, `Pipfile`, `pyproject.toml`, `setup.py` |
| uv | `uv` | `pyproject.toml`, `uv.lock` |
| Docker | `docker` | `Dockerfile` | | Docker | `docker` | `Dockerfile` |
| Docker Compose | `docker-compose` | `docker-compose.yml` | | Docker Compose | `docker-compose` | `docker-compose.yml` |
| GitHub Actions | `github-actions` | `.github/workflows/*.yml` | | GitHub Actions | `github-actions` | `.github/workflows/*.yml` |
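Review bot: The new `uv` row lists `pyproject.toml`, which the `pip` row directly above it also lists, so from the table alone a repository that has only `pyproject.toml` matches both rows. Consider marking `uv.lock` as the deciding file in the `uv` row itself (for example, listing `uv.lock` first and noting that `pyproject.toml` accompanies it), so the table can be read correctly without relying on a note further down the file.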
@@ -57,7 +58,9 @@ Scan the repository for dependency manifests. Look for:
| Git Submodules | `gitsubmodule` | `.gitmodules` | | Git Submodules | `gitsubmodule` | `.gitmodules` |
| Pre-commit | `pre-commit` | `.pre-commit-config.yaml` | | Pre-commit | `pre-commit` | `.pre-commit-config.yaml` |
Note: pnpm and yarn both use the `npm` ecosystem value. Notes:
- pnpm and yarn both use the `npm` ecosystem value.
- Prefer `uv` ecosystem value when `uv.lock` is present; otherwise use `pip`.
### Step 2: Map Directory Locations ### Step 2: Map Directory Locations
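Review bot: In the second new bullet, "otherwise use `pip`" has no stated scope: it sits in a notes list that follows the whole ecosystem table, and it does not say where `uv.lock` has to be present. Since the next step maps directory locations, consider wording the rule per directory and limiting it to Python manifests, for example: "For Python manifests, use `uv` in a directory that contains `uv.lock`; otherwise use `pip`."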