← ClaudeAtlas

security-issue-invalidatelisted

Close an `<tracker>` tracking issue as invalid: apply the `invalid` label, remove the scope label, post a short closing comment, archive the item from the project board, and — for trackers imported from `<security-list>` — draft a polite-but-firm reply to the reporter on the original Gmail thread explaining the team's reasoning (extracted from the tracker's discussion). For trackers opened via `security-issue-import-from-pr`, the email-draft step is skipped per the *no outreach to the PR author* rule of that skill.
apache/airflow-steward · ★ 19 · AI & Automation · score 80
Install: claude install-skill apache/airflow-steward
<!-- Placeholder convention (see AGENTS.md#placeholder-convention-used-in-skill-files): <project-config> → adopting project's `.apache-steward/` directory <tracker> → value of `tracker_repo:` in <project-config>/project.md (example: airflow-s/airflow-s for the Apache Airflow security team) <upstream> → value of `upstream_repo:` in <project-config>/project.md (example: apache/airflow) <cve-tool> → adapter directory under `tools/` named by `cve_authority.tool:` in <project-config>/project.md (example: cve-tool-vulnogram when `tool: vulnogram`, i.e. the ASF default that resolves to `tools/cve-tool-vulnogram/`). Before running any bash command below, substitute these with the concrete values from the adopting project's <project-config>/project.md. --> # security-issue-invalidate This skill is the **terminal-disposition apply step** for the `invalid` close on an `<tracker>` tracker. It does not host the discussion that decides invalidity — that happens at Step 5 of the [handling process](../../../docs/security/process.md#step-5--land-the-validinvalid-consensus) in the tracker's comments. Once the team has reached a consensus-invalid decision, this skill applies it: labels the tracker `invalid`, posts a short public-facing closing comment, closes the tracker, archives the project-board item, and