This is an automated email from the ASF dual-hosted git repository.
choo121600 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow-steward.git
The following commit(s) were added to refs/heads/main by this push:
new a19366b skills/security-issue-import-from-md: trim frontmatter to fit
metadata budget (#126)
a19366b is described below
commit a19366b75f705a3ba02be3711dd99b4b30d68912
Author: Yeonguk Choo <[email protected]>
AuthorDate: Mon May 11 20:29:27 2026 +0900
skills/security-issue-import-from-md: trim frontmatter to fit metadata
budget (#126)
Trims security-issue-import-from-md frontmatter from 1,149 → 975
chars (margin 387 → 561). Drops the "standard issue-template body
fields populated from the markdown sections" implementation detail
(body covers it), inlines the `/security-review`-style AI pass
description into a tighter "AI security review output" phrasing, and
tightens "Not appropriate when" → "Skip when" for consistency with
the rest of the audit pass.
All four literal trigger phrases preserved verbatim; sibling-skill
distinctions (Gmail / public-PR paths) preserved verbatim; typical
sources (AI / SAST / consultant) preserved as routing signals.
Tracking: #118
---
.../skills/security-issue-import-from-md/SKILL.md | 36 ++++++++++------------
1 file changed, 17 insertions(+), 19 deletions(-)
diff --git a/.claude/skills/security-issue-import-from-md/SKILL.md
b/.claude/skills/security-issue-import-from-md/SKILL.md
index 614a4b8..e77a137 100644
--- a/.claude/skills/security-issue-import-from-md/SKILL.md
+++ b/.claude/skills/security-issue-import-from-md/SKILL.md
@@ -2,26 +2,24 @@
name: security-issue-import-from-md
mode: Triage
description: |
- Open one or more `<tracker>` tracking issues from a markdown file
- containing a batch of security findings (typically the output of an
- AI security review or a third-party scanner). Each finding in the
- file becomes one tracker, landing in the `Needs triage` board
- column with the standard issue-template body fields populated from
- the markdown sections. Unlike `security-issue-import` (Gmail) and
- `security-issue-import-from-pr` (public PR), there is no inbound
- reporter to reply to and no PR to inspect — the file itself is the
- full report.
+ Open one or more `<tracker>` tracking issues from a markdown
+ file containing a batch of security findings (typically the
+ output of an AI security review or a third-party scanner).
+ Each finding becomes one tracker landing in the `Needs
+ triage` board column. Unlike `security-issue-import` (Gmail)
+ and `security-issue-import-from-pr` (public PR), there is no
+ inbound reporter to reply to and no PR to inspect — the file
+ itself is the full report.
when_to_use: |
- Invoke when a security team member says "import findings from
- <path>", "import this scan output", "load these issues from a
- markdown file", or hands the agent a `.md` file containing one or
- more issue blocks separated by `---`. Typical sources: the output
- of a `/security-review`-style AI pass over an upstream branch, a
- third-party SAST report exported as markdown, or a security
- consultant's findings document. Not appropriate when a single
- inbound report is best handled through the Gmail path
- (`security-issue-import`) or when there is a public PR to anchor
- the import on (`security-issue-import-from-pr`).
+ Invoke when a security team member says "import findings
+ from <path>", "import this scan output", "load these issues
+ from a markdown file", or hands the agent a `.md` file with
+ one or more issue blocks separated by `---`. Typical sources:
+ AI security review output, third-party SAST report exported
+ as markdown, or a security consultant's findings document.
+ Skip when a single inbound report belongs on the Gmail path
+ (`security-issue-import`) or when there is a public PR to
+ anchor the import on (`security-issue-import-from-pr`).
argument-hint: "[path-to-markdown-file]"
license: Apache-2.0
---
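Review bot: In the new `description` lines, the `Needs triage` column name is now wrapped in the middle of its code span (`Needs` ends one line and `triage` starts the next), where the removed text kept it on one line. The field is a `|` literal block scalar, so that newline is kept in the value and the column name no longer appears as one contiguous string for anything that matches or searches on it. Please rewrap so `Needs triage` stays on a single line. The same wrapping concern applies in `when_to_use`: "import findings from <path>" and "load these issues from a markdown file" each carry a line break inside the quotes. The commit message says the trigger phrases are preserved verbatim, so keeping each quoted phrase on one line would make that easy to check with a plain text search.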