justinmclean opened a new issue, #349: URL: https://github.com/apache/airflow-steward/issues/349
### What's broken

## Summary

A few `gh issue list` / `gh pr list` calls in the security-issue skills omit `--limit`, so they silently cap at 30 results. Add an explicit `--limit` to each call that `skill-validate` flags.

## Background

`gh ... list` without `--limit` returns at most 30 rows. On a busy tracker that silently drops results, so a skill can miss an open issue or PR, or (worse) compute a wrong count. The repo's `skill-validate` tool reports each offending call under its `gh-list-no-limit` rule.

## Where to look

Run the validator first. It points at the exact lines, so you never work from a stale line number:

```bash
uv run --project tools/skill-validator --group dev skill-validate
```

Every `gh-list-no-limit` warning it prints is a call to fix. As of this writing they are:

- `.claude/skills/security-issue-triage/SKILL.md` — `gh pr list --search` (~line 804)
- `.claude/skills/security-issue-sync/SKILL.md` — ~lines 188, 189, 2215
- `.claude/skills/security-issue-fix/SKILL.md` — ~line 266

Leave the `gh ... list` calls that already pass `--limit` alone (for example triage lines 289/291 and sync lines 184/185). A reasonable default for a list you want fully is `--limit 100`.

**One call needs a moment's thought:** `security-issue-sync` (~line 2215) is a *count* — `gh issue list ... --json number --jq 'length'`. Without a limit the count silently caps at 30, so give it a limit comfortably above the real number of open trackers (e.g. `--limit 1000`), not just any value, or the count stays wrong.

## Acceptance criteria

- [ ] Every `gh issue/pr list` call that `skill-validate` flags has an explicit `--limit`.
- [ ] `uv run --project tools/skill-validator --group dev skill-validate` reports no `gh-list-no-limit` warnings.
- [ ] The `security-issue-sync` milestone count reflects the true number of open trackers, not a capped 30.
- [ ] No behaviour change beyond removing the silent 30-row cap.

## Estimated effort

~1 hour for someone new to the codebase.

## Getting started

- [Contributing guide](<contributing-doc-url>)
- [Local setup](<local-setup-doc-url>)
- [How to open a pull request](<pr-opening-doc-url>)

---

_This issue was drafted with an AI-assisted tool and reviewed by a maintainer before posting._

### Which layer

- `.claude/skills/security-issue-triage/SKILL.md` — `gh pr list --search` (~line 804)
- `.claude/skills/security-issue-sync/SKILL.md` — ~lines 188, 189, 2215
- `.claude/skills/security-issue-fix/SKILL.md` — ~line 266

### How to reproduce

```bash
uv run --project tools/skill-validator --group dev skill-validate
```

### Expected vs actual

see acceptance criteria

### Surface area (optional)

_No response_

### Environment (optional)

_No response_
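
The kind of check the issue describes, as an added example that is not part of the original issue and is not the project's `skill-validate` code: it flags `gh issue list` / `gh pr list` commands that pass neither `--limit` nor its short form `-L`. The function names and the sample text are assumptions constructed for illustration.

```python
import re
import shlex

SEPARATORS = re.compile(r"^[|;&()]+$")  # shell operators that end one command

def logical_lines(text):
    """Yield (first_line_no, line) with backslash continuations folded in."""
    start, buf = None, ""
    for n, raw in enumerate(text.splitlines(), 1):
        start = n if start is None else start
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        start, buf = None, ""
    if start is not None:
        yield start, buf

def tokens(line):
    """Shell-style tokens; a quoted jq filter stays one token, operators split off."""
    lex = shlex.shlex(line.replace("`", " "), posix=True, punctuation_chars=True)
    lex.whitespace_split, lex.commenters = True, ""
    try:
        return list(lex)
    except ValueError:  # unbalanced quote, e.g. an apostrophe in Markdown prose
        return line.replace("`", " ").split()

def unlimited_gh_lists(text):
    """Return (line_no, command) for each gh issue/pr list call with no --limit."""
    hits = []
    for n, line in logical_lines(text):
        toks = tokens(line)
        for i in range(len(toks) - 2):
            if toks[i] != "gh" or toks[i + 1] not in ("issue", "pr") or toks[i + 2] != "list":
                continue
            cmd = []
            for t in toks[i:]:
                if SEPARATORS.match(t):  # stop at a pipe, ;, && and similar
                    break
                cmd.append(t)
            if not any(t in ("--limit", "-L") or t.startswith("--limit=") for t in cmd):
                hits.append((n, " ".join(cmd)))
    return hits

# Constructed sample, not taken from the repository's SKILL.md files.
SAMPLE = """\
gh pr list --search "CVE in:title" --json number
gh issue list --state open --limit 100
gh issue list --label security --json number \\
  --jq 'length'
gh issue list --json number --jq '.[] | .number' --limit 1000
"""
```

A check like this only confirms that a limit is present; whether the limit on a count call sits above the real number of open trackers still needs a human decision.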
