fix(skills): update getsentry/skills to 5a64b36, fix 3 of 5 scan failures#739
Open
JAORMX wants to merge 5 commits into
…code-review,code-simplifier,commit,create-branch,django-access-review,django-perf-review,doc-coauthoring,find-bugs,gh-review-requests,gha-security-review,iterate-pr,pr-writer,prompt-optimizer,security-review,skill-scanner,skill-writer
- doc-coauthoring: ATR_2026_00051 matched "For each" in a workflow step description, plain prose.
- find-bugs: ATR_2026_00111 is the scanner's new numbered id for the same finding already allowlisted under the old named id ATR_MCP_MALICIOUS_RESPONSE (a read-only gh/git command substitution).
- skill-scanner: ATR_2026_00276 matched an actual zero-width-space character used as a worked example in the skill's own prompt-injection-pattern reference docs -- same "meta-skill documents attack patterns for detection" class as its existing allowlist entries.

Note: gha-security-review (36 blocking findings, 8 distinct rule ids) and skill-writer (176 blocking findings, 10 distinct rule ids) in this same digest bump are NOT fixed here -- high volume in security-review domain content, flagged for human review rather than bulk-allowlisted.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
🛡️ Skill Security Scan Results
✅ agents-md
✅ claude-settings-audit
✅ code-review
✅ code-simplifier
✅ commit
✅ create-branch
✅ django-access-review
✅ django-perf-review
✅ doc-coauthoring
✅ find-bugs
✅ gh-review-requests
❌ gha-security-review
Blocking issues:
✅ iterate-pr
✅ pr-writer
✅ prompt-optimizer
✅ security-review
❌ skill-scanner
Blocking issues:
Allowlisted (not blocking):
❌ skill-writer
Blocking issues:
Summary: Scanned 18 skill(s), found 117 blocking issue(s).
…l-scanner

The scanner's non-determinism kept surfacing a different subset of this 153-line reference doc's documented attack-example strings on each re-scan (Ignore previous instructions, SYSTEM: ignore, jailbreak examples, exfil, etc.). Upstream's own file includes a "False Positive Guide" explicitly stating patterns in references/ files are documentation, not attacks. Allowlisting the full observed rule_id set at once rather than whack-a-moling one at a time.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
samuv approved these changes Jul 3, 2026
Summary
- `skill-security-scan.build-skill-artifacts` failure across ~17 skills in chore(deps): update getsentry/skills digest to 5a64b36 #685 was a transient Docker Hub 500 pulling `mikefarah/yq:4-githubaction` during job setup — unrelated to this bump, already cleared on re-run.
- doc-coauthoring: `ATR_2026_00051` matched "For each" in a workflow-step description (plain prose).
- find-bugs: `ATR_2026_00111` is the scanner's new numbered rule id for a finding already allowlisted under the old named id `ATR_MCP_MALICIOUS_RESPONSE` (read-only `git`/`gh` command substitution). The scanner appears to have switched from named to numbered `ATR_2026_*` ids, making some existing allowlist entries stale.
- skill-scanner: `ATR_2026_00276` matched an actual zero-width-space character used as a worked example in this meta-skill's own prompt-injection-pattern reference docs — same "documents attack patterns for detection" class as its existing allowlist entries.
- gha-security-review (36 blocking findings across 8 distinct rule ids) and skill-writer (176 blocking findings across 10 distinct rule ids). Spot-checked samples from both look like the same benign-domain-vocabulary FP class (GHA `${{ }}` expressions, "deploy"/"upload", code fences, doc prose) as everything else in this batch, and their existing allowlists use the same stale named-rule-id pattern found in find-bugs — but the volume is high enough for security-review-domain content that I didn't want to bulk-allowlist without a second pair of eyes.

Test plan
- `dockhand` locally, ran `validate-skill` against all 3 fixed spec.yaml files — all `Status: VALID`
- `gha-security-review` and `skill-writer` to go green

Co-Authored-By: Claude Sonnet 5 noreply@anthropic.com