security-issue-import-via-forwarderlisted
Install: claude install-skill apache/airflow-steward
<!-- Placeholder convention (see AGENTS.md#placeholder-convention-used-in-skill-files):
<project-config> → adopting project's `.apache-steward/` directory
<tracker> → value of `tracker_repo:` in <project-config>/project.md
(example: airflow-s/airflow-s for the Apache Airflow security team)
<upstream> → value of `upstream_repo:` in <project-config>/project.md
(example: apache/airflow)
<security-list> → value of `security_list:` in <project-config>/project.md
(example: security@airflow.apache.org)
<security-list-domain> → host portion of <security-list>
(example: airflow.apache.org)
Before running any bash command below, substitute these with the
concrete values from the adopting project's <project-config>/project.md. -->
# security-issue-import-via-forwarder
This skill is the **forwarder-aware extension** of the security-
issue import / invalidate / sync flow. It does not duplicate the
parent skills' classification logic; it specialises the small
slice of behaviour that differs when the inbound message is a
*relay* — sent by a broker on behalf of the original reporter —
rather than a direct report from the reporter themselves.
The contract this skill consumes is documented in
[`tools/forwarder-relay/README.md`](../../../tools/forwarder-relay/README.md).
The adapters enabled for the current adopter are declared in
[`<project-config>/pro