← ClaudeAtlas

security-issue-synclisted

Synchronize a security issue in <tracker> with the state of its GitHub discussion, the <security-list> mailing thread, and any <upstream> PRs that fix it. The skill gathers all relevant signals and proposes label / milestone / assignee / field / draft-email updates — applying only what the user has explicitly confirmed. Suggests the next step in the handling process and prints the CVE allocation link when a CVE is needed.
apache/airflow-steward · ★ 19 · AI & Automation · score 80
Install: claude install-skill apache/airflow-steward
<!-- Placeholder convention (see AGENTS.md#placeholder-convention-used-in-skill-files): <project-config> → adopting project's `.apache-steward/` directory <tracker> → value of `tracker_repo:` in <project-config>/project.md (example: airflow-s/airflow-s for the Apache Airflow security team) <upstream> → value of `upstream_repo:` in <project-config>/project.md (example: apache/airflow) <cve-tool> → adapter directory under `tools/` named by `cve_authority.tool:` in <project-config>/project.md (example: cve-tool-vulnogram when `tool: vulnogram`, i.e. the ASF default that resolves to `tools/cve-tool-vulnogram/`). Before running any bash command below, substitute these with the concrete values from the adopting project's <project-config>/project.md. --> # security-issue-sync This skill reconciles a single security issue in [`<tracker>`](https://github.com/<tracker>) with: 1. the **GitHub issue** itself — comments, labels, milestone, assignee, description fields; 2. the **email thread** on `<security-list>` that originated the report (and any follow-ups); 3. any **pull requests** in `<upstream>` or `<tracker>` that reference or fix the issue; 4. the **handling process** documented in [`README.md`](../../../README.md). **Golden rule 1 — propose before applying.** Every change this skill performs