disclosure-tracker

Today is ${today}. Read `memory/MEMORY.md` before starting. ## Goal Monitor the pending vulnerability disclosure backlog. The `vuln-scanner` skill queues draft advisories to `memory/pending-disclosures/` when Private Vulnerability Reporting (PVR) auto-submission fails or when the disclosure path is email-only. Without daily visibility, CRITICAL/HIGH advisories silently age past responsible-disclosure windows. This skill surfaces the queue state every morning and escalates when findings have been sitting too long. ## Steps ### 1. Scan the backlog Check `memory/pending-disclosures/` for draft advisory files. ```bash ls memory/pending-disclosures/ 2>/dev/null ``` If the directory doesn't exist or is empty: - Log `DISCLOSURE_TRACKER_SKIP: no pending advisories` and stop. No notification needed. ### 2. Parse each advisory file For each `.md` file in `memory/pending-disclosures/`: **From the filename** (pattern: `{repo-slug}-{YYYY-MM-DD}.md` or `{repo-slug}-{YYYY-MM-DD}-{ampm}.md`): - Extract target repo slug (everything before the last date segment) - Extract filed date **From the YAML frontmatter** (if present) parse: - `repo:` — overrides the filename slug when present (canonical target) - `severity:` — CRITICAL / HIGH / MEDIUM / LOW - `status:` — see step 2.5 for the controlled vocabulary **From the file content** (fallback for files without frontmatter), look for these fields near the top of the file: - `Severity:` or `**Severity:**` — one of CRITICAL / HIGH / MEDI...