From 844977acd9dae14413a3b4f2f23851ce23909cf2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 25 May 2026 00:37:24 +0000
Subject: [PATCH 1/3] chore(deps): update atlassian/forge-skills digest to
 2014fae

---
 skills/forge-app-builder/spec.yaml | 2 +-
 skills/forge-app-review/spec.yaml  | 2 +-
 skills/forge-debugger/spec.yaml    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/skills/forge-app-builder/spec.yaml b/skills/forge-app-builder/spec.yaml
index cb62290..8c35c69 100644
--- a/skills/forge-app-builder/spec.yaml
+++ b/skills/forge-app-builder/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/atlassian/forge-skills"
-  ref: "bfe376cee02cac671b3b7d91e2ed34ac0220da5c"  # main as of 2026-04-19
+  ref: "2014fae5b1529a22629129b1564ae522593eb46d"  # main as of 2026-04-19
   path: "skills/forge-app-builder"
   version: "0.1.2"
 
diff --git a/skills/forge-app-review/spec.yaml b/skills/forge-app-review/spec.yaml
index aac92e6..5aba31e 100644
--- a/skills/forge-app-review/spec.yaml
+++ b/skills/forge-app-review/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/atlassian/forge-skills"
-  ref: "bfe376cee02cac671b3b7d91e2ed34ac0220da5c"  # main as of 2026-04-19
+  ref: "2014fae5b1529a22629129b1564ae522593eb46d"  # main as of 2026-04-19
   path: "skills/forge-app-review"
   version: "0.1.2"
 
diff --git a/skills/forge-debugger/spec.yaml b/skills/forge-debugger/spec.yaml
index 699aeae..bdedc79 100644
--- a/skills/forge-debugger/spec.yaml
+++ b/skills/forge-debugger/spec.yaml
@@ -9,7 +9,7 @@ metadata:
 
 spec:
   repository: "https://github.com/atlassian/forge-skills"
-  ref: "bfe376cee02cac671b3b7d91e2ed34ac0220da5c"  # main as of 2026-04-19
+  ref: "2014fae5b1529a22629129b1564ae522593eb46d"  # main as of 2026-04-19
   path: "skills/forge-debugger"
   version: "0.1.2"
 

From 596c7a6ffe4a8144e39c767ceace134d2ba83ad9 Mon Sep 17 00:00:00 2001
From: "toolhive-release-app[bot]"
 <280093410+toolhive-release-app[bot]@users.noreply.github.com>
Date: Mon, 25 May 2026 00:37:56 +0000
Subject: [PATCH 2/3] chore(skills): bump spec.version for
 forge-app-builder,forge-app-review,forge-debugger

---
 skills/forge-app-builder/spec.yaml | 2 +-
 skills/forge-app-review/spec.yaml  | 2 +-
 skills/forge-debugger/spec.yaml    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/skills/forge-app-builder/spec.yaml b/skills/forge-app-builder/spec.yaml
index 8c35c69..c846c58 100644
--- a/skills/forge-app-builder/spec.yaml
+++ b/skills/forge-app-builder/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/atlassian/forge-skills"
   ref: "2014fae5b1529a22629129b1564ae522593eb46d"  # main as of 2026-04-19
   path: "skills/forge-app-builder"
-  version: "0.1.2"
+  version: "0.1.3"
 
 provenance:
   repository_uri: "https://github.com/atlassian/forge-skills"
diff --git a/skills/forge-app-review/spec.yaml b/skills/forge-app-review/spec.yaml
index 5aba31e..56061fb 100644
--- a/skills/forge-app-review/spec.yaml
+++ b/skills/forge-app-review/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/atlassian/forge-skills"
   ref: "2014fae5b1529a22629129b1564ae522593eb46d"  # main as of 2026-04-19
   path: "skills/forge-app-review"
-  version: "0.1.2"
+  version: "0.1.3"
 
 provenance:
   repository_uri: "https://github.com/atlassian/forge-skills"
diff --git a/skills/forge-debugger/spec.yaml b/skills/forge-debugger/spec.yaml
index bdedc79..639fa95 100644
--- a/skills/forge-debugger/spec.yaml
+++ b/skills/forge-debugger/spec.yaml
@@ -11,7 +11,7 @@ spec:
   repository: "https://github.com/atlassian/forge-skills"
   ref: "2014fae5b1529a22629129b1564ae522593eb46d"  # main as of 2026-04-19
   path: "skills/forge-debugger"
-  version: "0.1.2"
+  version: "0.1.3"
 
 provenance:
   repository_uri: "https://github.com/atlassian/forge-skills"

From 7bbe55da746f5001c1c45c8a24debd5f8161e230 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio <ozz@stacklok.com>
Date: Wed, 3 Jun 2026 09:54:46 +0300
Subject: [PATCH 3/3] fix(forge-debugger): allowlist skill-scanner false
 positives for 2014fae
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The cisco-ai-skill-scanner flags ATR_2026_00040 (CRITICAL) on the
digest bump to 2014fae. It matches the substring 'EXEC' inside the
'## EXECUTION MANDATE' heading in SKILL.md:5 — documentation prose,
not an executable threat. Suppress by exact rule_id in the per-skill
allowed_issues block.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 skills/forge-debugger/spec.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/skills/forge-debugger/spec.yaml b/skills/forge-debugger/spec.yaml
index 639fa95..5997271 100644
--- a/skills/forge-debugger/spec.yaml
+++ b/skills/forge-debugger/spec.yaml
@@ -21,3 +21,8 @@ security:
   allowed_issues:
     - rule_id: MANIFEST_MISSING_LICENSE
       reason: "atlassian/forge-skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter."
+    # cisco-ai-skill-scanner false positives surfaced by the digest bump to 2014fae.
+    # These are noisy trigger/behavioral-pack rules that match documentation prose,
+    # not executable threats; suppressed per exact rule_id.
+    - rule_id: ATR_2026_00040
+      reason: "FP: scanner matched documentation prose/code (the substring 'EXEC' in the '## EXECUTION MANDATE' heading in SKILL.md:5); no executable threat. atlassian/forge-skills @2014fae5b1529a22629129b1564ae522593eb46d."