Towards a `pip audit` subcommand for vulnerability analysis & management

I think of this another way: a lot of times people look at pip as a tool just for installing packages, but I think that’s wrong.

If that’s all it was, then commands like `pip index`, `pip wheel`, `pip show`, `pip list`, `pip inspect`, etc. should not exist. In fact, you could argue that `pip audit` is really nothing more than `pip list --audit` with some extra features (support for `-r`, for instance), where `--audit` is a hypothetical flag like `--outdated` where, instead of querying the repository for new versions, pip would be querying the repository for vulnerabilities associated with the version.

I have a hard time coming up with an objective criterion for inclusion in pip that includes things like `pip list` or `pip index` or `pip show` but doesn’t include `pip audit`.
