Skip to content

feat(skills): package 3 Atlassian Forge skills#510

Merged
JAORMX merged 1 commit into
mainfrom
skills/atlassian
Apr 20, 2026
Merged

feat(skills): package 3 Atlassian Forge skills#510
JAORMX merged 1 commit into
mainfrom
skills/atlassian

Conversation

@JAORMX

@JAORMX JAORMX commented Apr 20, 2026

Copy link
Copy Markdown
Collaborator

Packages 3 skills from atlassian/forge-skills (Apache-2.0), pinned to 0d60ac5.

Skills added

  • forge-app-builder — scaffold, build, and deploy Forge apps
  • forge-app-review — quality/security/marketplace-readiness review
  • forge-debugger — logs, tunnel, resolver/webhook diagnostics

Atlassian is an Anthropic skills launch partner.

Security allowlists

forge-app-builder allowlists DATA_EXFIL_NETWORK_REQUESTS and TOOL_ABUSE_UNDECLARED_NETWORK for list_templates.py — official Atlassian template catalog fetch.

Test plan

  • task validate-skill — VALID
  • task scan-skill passes after allowlist
  • CI green
  • 3 OCI artifacts published

Closes #494

@JAORMX @claude
feat(skills): package 3 Atlassian Forge skills
ac3db51 
Packages 3 skills from atlassian/forge-skills (Apache-2.0), pinned
to upstream 0d60ac5.

- forge-app-builder — scaffold, build, and deploy Forge apps
- forge-app-review — quality/security/marketplace-readiness review
- forge-debugger — logs, tunnel, resolver/webhook diagnostics

Atlassian is an Anthropic skills launch partner. Security:
forge-app-builder allowlists DATA_EXFIL_NETWORK_REQUESTS and
TOOL_ABUSE_UNDECLARED_NETWORK for list_templates.py fetching the
official Atlassian template catalog.

Refs #494
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@JAORMX JAORMX added the skills Skill packaging, vendor skill imports label Apr 20, 2026
@github-actions

github-actions Bot commented Apr 20, 2026

Copy link
Copy Markdown
Contributor

🛡️ Skill Security Scan Results

✅ forge-app-builder

  • Status: Passed
  • Findings: 2
  • Allowed (not blocking): 2
    • TOOL_ABUSE_UNDECLARED_NETWORK (Allowed: The skill's bundled list_templates.py fetches Atlassian's Forge template catalog; the skill does not declare a dedicated network-access tool but the network call is for a documented, trusted destination.)
    • DATA_EXFIL_NETWORK_REQUESTS (Allowed: scripts/list_templates.py uses urllib.request.urlopen() to fetch the official Forge app template index from Atlassian — documented workflow step for scaffolding new apps.)

✅ forge-app-review

  • Status: Passed
  • Findings: 1
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: atlassian/forge-skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ forge-debugger

  • Status: Passed
  • Findings: 1
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: atlassian/forge-skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

Summary: Scanned 3 skill(s), all passed security checks. ✅

@JAORMX JAORMX merged commit 4802586 into main Apr 20, 2026
14 checks passed
@JAORMX JAORMX deleted the skills/atlassian branch April 20, 2026 10:20
@JAORMX JAORMX mentioned this pull request Apr 21, 2026
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samuv samuv samuv approved these changes

Assignees

No one assigned

Labels

skills Skill packaging, vendor skill imports

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

skill: package atlassian/forge-skills into dockyard

2 participants

@JAORMX @samuv