spawn/.claude
Ahmed Abushagur b917e3f280
fix(security): add collaborator filter to all agent prompts (#3351)
Raw `gh issue list` / `gh pr list` in agent prompts bypassed the
bash collaborator gate, letting Claude read non-collaborator issues
(potential prompt injection vector). All prompts now pipe through
a jq filter using the cached collaborator list.

- Added collaborator gate section to _shared-rules.md
- Patched 10 prompt files with inline jq collaborator filter
- High-risk: community-coordinator, security-issue-checker,
  qa-record-keeper, security-scanner (read issue bodies)
- Lower-risk: PR list commands in refactor/security prompts

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-23 23:46:13 -07:00
rules feat(discovery): add skills scout to discovery team (#3252) 2026-04-10 07:38:43 +00:00
scripts feat(oss): add collaborator gate to all agent team bots (#3333) 2026-04-22 00:32:07 -07:00
skills fix(security): add collaborator filter to all agent prompts (#3351) 2026-04-23 23:46:13 -07:00
settings.json fix: allow nested worktree paths in pre-merge hook regex (#2401) (#2411) 2026-03-09 23:02:30 -04:00