[PR] skills/security-issue-import-from-md: trim frontmatter to fit metadata budget [airflow-steward]

Mon, 11 May 2026 01:28:22 -0700 


choo121600 opened a new pull request, #126:
URL: https://github.com/apache/airflow-steward/pull/126

   ## Summary
   
   Trims `security-issue-import-from-md` frontmatter (`description` + 
`when_to_use`) from **1,149 → 975** characters.
   
   Same principle as #103 and the rest of #118's audit pass: frontmatter is the 
routing layer. The body's sibling-comparison table (L52-59) and the 
standard-issue-template population details belong in the body, not the routing 
layer.
   
   Tracking: #118
   
   ## Before / after
   
   |              | before | after | Δ      |
   |--------------|-------:|------:|-------:|
   | description  | 539    | 444   | -95    |
   | when_to_use  | 610    | 531   | -79    |
   | **total**    | **1,149** | **975** | **-174** |
   | budget margin | 387   | 561   | +174   |
   | budget        | 1,536  | 1,536 |        |
   
   ## What moved where
   
   | Detail                                                                     
                       | Where it lives now                                  |
   
|---------------------------------------------------------------------------------------------------|-----------------------------------------------------|
   | `with the standard issue-template body fields populated from the markdown 
sections`               | Body Steps (issue-template field population)        |
   | `the output of a /security-review-style AI pass over an upstream branch` 
(verbose source detail) | Tightened to `AI security review output` — the 
matchable substring `AI security review` survives |
   | `Not appropriate when` → `Skip when`                                       
                       | Consistency with other trimmed skills in this audit 
pass |
   
   The three sibling on-ramps (`security-issue-import`, 
`security-issue-import-from-pr`, this one) keep their distinguishing routing in 
the frontmatter: *"Gmail"*, *"public PR"*, *"the file itself is the full 
report"*.
   
   ## Trigger-phrase preservation
   
   Every literal trigger phrase from the original `when_to_use` is preserved 
verbatim:
   
   - `"import findings from <path>"`
   - `"import this scan output"`
   - `"load these issues from a markdown file"`
   - *hands the agent a `.md` file with one or more issue blocks separated by 
`---`*
   
   Typical-source routing signals preserved:
   
   - *AI security review output*
   - *third-party SAST report exported as markdown*
   - *security consultant's findings document*
   
   Sibling distinctions preserved verbatim:
   
   - `security-issue-import` (Gmail path)
   - `security-issue-import-from-pr` (public PR path)
   
   Routing recall does not regress.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to