| name | ghsa |
| description | Analyze and help fix a GitHub Security Advisory (GHSA) in this repository. Use when the user types `/ghsa <id>` or asks to triage, verify, or patch a reported GHSA. |
GHSA
Analyze and help fix the GitHub Security Advisory (GHSA) provided as the skill argument.
Steps:
- Fetch the GHSA page using
gh api repos/gogs/gogs/security-advisories and understand the vulnerability details (description, severity, affected versions, CWE).
- Verify the reported vulnerability actually exists, and why.
- Identify the affected code in this repository.
- Propose a fix with a clear explanation of the root cause and how the fix addresses it. Check for prior art in the codebase to stay consistent with existing patterns.
- Implement the fix. Only add tests when there is something meaningful to test at our layer.
- Run all the usual build and test commands.
- Add it to CHANGELOG.md with a placeholder for the PR link.
- Create a branch named after the GHSA ID, commit, and push.
- Create a pull request with a proper title and description, do not reveal too much detail and link the GHSA.
- If a changelog entry was added, update it with the PR link, then commit and push again.