Skip to content

chore(deps): update pulumi/agent-skills digest to b001eb8#785

Open
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/pulumi-agent-skills-digest
Open

chore(deps): update pulumi/agent-skills digest to b001eb8#785
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/pulumi-agent-skills-digest

Conversation

@renovate

@renovate renovate Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
pulumi/agent-skills digest 8a27696b001eb8

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

…ulumi-automation-api,pulumi-best-practices,pulumi-component,pulumi-esc,pulumi-upgrade-provider,upstream-patches
@toolhive-release-app

toolhive-release-app Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

🛡️ Skill Security Scan Results

✅ package-usage

  • Status: Passed
  • Findings: 2

✅ provider-upgrade

  • Status: Passed
  • Findings: 12
  • Allowed (not blocking): 6
    • MANIFEST_MISSING_LICENSE (Allowed: pulumi/agent-skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)
    • ATR_2026_00111 (Allowed: FP: cisco-ai-skill-scanner matched $(uname -s | tr '[:upper:]' '[:lower:]') and $(uname -m) in the documented schema-tools download example (references/diagnostic-toolbox.md); used only to detect the local OS/arch for a release URL, not attacker-controllable input.)
    • ATR_2026_00111 (Allowed: FP: cisco-ai-skill-scanner matched $(uname -s | tr '[:upper:]' '[:lower:]') and $(uname -m) in the documented schema-tools download example (references/diagnostic-toolbox.md); used only to detect the local OS/arch for a release URL, not attacker-controllable input.)
    • ATR_2026_00066 (Allowed: FP: cisco-ai-skill-scanner matched ${VERSION}/schema-tools-${VERSION}-${OS}-${ARCH} in the documented schema-tools download example (references/diagnostic-toolbox.md); standard shell variable substitution for a GitHub release URL, no injection risk.)
    • COMPOUND_EXTRACT_EXECUTE (Allowed: The skill documents standard npm install / pip install / go get upgrade workflows which involve extracting packaged archives and running their lifecycle scripts. The scanner itself notes 'found in documentation — may be instructional'.)
    • ATR_2026_00040 (Allowed: FP: cisco-ai-skill-scanner matched 'chmod' in the documented schema-tools install script (references/diagnostic-toolbox.md), which does chmod +x /tmp/schema-tools on the binary it just downloaded and extracted. Standard install step, not privilege escalation.)

✅ pulumi-automation-api

  • Status: Passed
  • Findings: 0

✅ pulumi-best-practices

  • Status: Passed
  • Findings: 2
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: pulumi/agent-skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ pulumi-component

  • Status: Passed
  • Findings: 3
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: pulumi/agent-skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ pulumi-esc

  • Status: Passed
  • Findings: 5
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: pulumi/agent-skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

✅ pulumi-upgrade-provider

  • Status: Passed
  • Findings: 4

❌ upstream-patches

  • Status: Failed
  • Findings: 6
  • Blocking: 3

Blocking issues:

  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(sed -n 's/^Subject: [PATCH] //p' "$patch" | head -n1) (SKILL.md:43)
  • [ATR_2026_00111] (CRITICAL) Pattern detected: $(git rev-parse "${target_sha}^") (SKILL.md:61)
  • [ATR_2026_00066] (CRITICAL) Pattern detected: ${target_sha} (SKILL.md:74)

Summary: Scanned 8 skill(s), found 3 blocking issue(s).

⚠️ Action Required: Review the blocking findings. Add a justified entry to the skill's security.allowed_issues[] in its spec.yaml if the finding is a false positive.

@renovate

renovate Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants