← ClaudeAtlas

security-issue-import-from-mdlisted

Open one or more `<tracker>` tracking issues from a markdown file containing a batch of security findings. Each finding becomes one tracker landing in the `Needs triage` board column. The file itself is the full report — there is no inbound reporter to reply to and no PR to inspect.
apache/airflow-steward · ★ 19 · Data & Documents · score 80
Install: claude install-skill apache/airflow-steward
<!-- Placeholder convention (see AGENTS.md#placeholder-convention-used-in-skill-files): <project-config> → adopting project's `.apache-steward/` directory <tracker> → value of `tracker_repo:` in <project-config>/project.md (example: airflow-s/airflow-s for the Apache Airflow security team) <upstream> → value of `upstream_repo:` in <project-config>/project.md (example: apache/airflow) Before running any bash command below, substitute these with the concrete values from the adopting project's <project-config>/project.md. --> # security-issue-import-from-md This skill is the **batch on-ramp** of the security-issue handling process for the case where the security team has a markdown file containing one or more pre-formatted security findings — typically the output of an AI security review run against an `<upstream>` branch, or a third-party scanner exporting in a similar shape. It parses each finding in the file and creates one `<tracker>` tracking issue per finding, landing them in `Needs triage` so the standard validity discussion (Step 3 of [`README.md`](../../../README.md)) can run. It is the third on-ramp variant alongside the two existing import skills: | | `security-issue-import` | `security-issue-import-from-pr` | `security-issue-import-from-md` | |---|---|---|---| | Source | `<security-list>` Gmail / PonyMail thread | `<upstream>` PR URL or number | Markdown file with one or more find