Security feedback
The security feedback workflow processes a maintainer's response to a security-labelled issue — usually one of the scan summaries produced by security review. It turns that feedback into action: breaking findings into individual issues, recording accepted risk or false-positives, reopening, or simply discussing.
Permission profile: `repo-write` — full read/write, so it can open PRs that update `SECURITY.md` and create new issues.
Pipeline
What it does
Depending on the maintainer's intent, it can:
- Create issues — break the findings into individual issues
- Accept risk / false-positive — update `SECURITY.md` via a PR
- Reopen — reopen a finding
- Discuss — reply in-thread without further action
Triggers
- GitHub comment: an `@last-light` mention on an issue labelled `security` (route `security_feedback`)
Skill
This workflow uses the security-feedback skill.