Agent Skillsaaronjmars/aeon › Inbox Triage

Inbox Triage

GitHub

自动读取GitHub通知收件箱,筛选近14天未读消息。按安全、漏洞回复、评审请求等分类,重点标记超7天的漏洞PR回复,并交叉引用记忆文件以辅助决策。

skills/inbox-triage/SKILL.md aaronjmars/aeon

Trigger Scenarios

需要处理GitHub通知时 维护者需检查未读邮件或评论时

Install

npx skills add aaronjmars/aeon --skill Inbox Triage -g -y
More Options

Use without installing

npx skills use aaronjmars/aeon@Inbox Triage

指定 Agent (Claude Code)

npx skills add aaronjmars/aeon --skill Inbox Triage -a claude-code -g -y

安装 repo 全部 skill

npx skills add aaronjmars/aeon --all -g -y

预览 repo 内 skill

npx skills add aaronjmars/aeon --list

SKILL.md

Frontmatter
{
    "var": "",
    "name": "Inbox Triage",
    "tags": [
        "github",
        "security",
        "meta"
    ],
    "type": "Skill",
    "category": "dev",
    "schedule": "30 11 * * *",
    "description": "Daily GitHub notification inbox triage — surfaces aging vuln PR replies, security advisories, review requests, and mentions that need action"
}

Today is ${today}. Read memory/MEMORY.md before starting.

Why this skill exists

followup-patrol reads manually tracked items in MEMORY.md. disclosure-tracker handles memory/pending-disclosures/. vuln-tracker tracks the operator's vuln PRs by scanning branch names. None of these read from the actual GitHub notification inbox. When a maintainer replies to a vuln PR — or a security advisory opens on a watched repo — it sits unread until someone manually checks GitHub. This skill reads the inbox and routes what needs action.

pr-tracker covers merged/closed operator PRs. vuln-tracker covers lifecycle by branch. This skill covers the notification layer — inbound responses, review requests, security alerts, mentions.

Steps

1. Fetch GitHub notifications

Run:

gh api /notifications --paginate 2>&1

Parse the JSON array. If the command errors or returns an empty array [], log INBOX_TRIAGE_SKIP: no notifications and stop.

Limit to the first 100 notifications if --paginate returns more (GitHub caps at 50 per page; two pages is enough).

For each notification record:

  • id
  • reason — why you're being notified (mention, review_requested, author, state_change, security_alert, assign, etc.)
  • subject.title
  • subject.type — PullRequest, Issue, Release, etc.
  • subject.url — API URL for the subject
  • repository.full_name
  • updated_at — ISO timestamp

2. Filter

Keep notifications where unread: true AND updated_at is within the last 14 days. Discard older or read ones.

If zero remain after filtering: log INBOX_TRIAGE_SKIP: no actionable notifications within 14 days and stop.

3. Categorize

Assign each notification to exactly one category (first match wins):

Category Match criteria
SECURITY reason == "security_alert" OR title contains any of: vulnerability, vuln, CVE, advisory, security
VULN_REPLY subject.type == "PullRequest" AND reason is one of: author, state_change, comment AND repository.full_name is NOT under the operator's own account/org (derive the operator's GitHub handle from soul/SOUL.md or the workflow's GITHUB_ACTOR — these are PRs filed on third-party repos by the vuln-scanner)
REVIEW_NEEDED reason == "review_requested"
MENTION reason == "mention" OR reason == "team_mention"
GENERAL everything else

4. Age vuln PR replies

For each VULN_REPLY notification, compute age_days = today minus updated_at date (integer days).

Flag urgency:

  • CRITICAL — age_days > 7 (maintainer likely hasn't responded)
  • AGING — age_days 3–7
  • FRESH — age_days < 3

Cross-reference with memory/topics/vuln-followup.md if it exists: look for the PR title in that file and pull any tracked notes (e.g. "approved", "NEEDS-ANSWER", merge status).

5. Resolve HTML URLs for action items

For each notification in SECURITY, VULN_REPLY (CRITICAL or AGING), REVIEW_NEEDED, and MENTION categories:

Try to get the HTML URL via:

gh api {subject.url} --jq '.html_url' 2>/dev/null

If that fails, construct the URL manually: https://github.com/{repository.full_name}/pulls/{number} for PRs https://github.com/{repository.full_name}/issues/{number} for issues

(Extract the number from the tail of subject.url.)

6. Write triage summary

Overwrite memory/topics/inbox-triage.md:

# GitHub Inbox Triage

Last run: {today}
Scanned: {N} unread notifications ({N} within 14 days)

## Action Required

### Security ({count})
{for each SECURITY item, sorted by age:}
- **{repo}**: {title} ({age_days}d) — {html_url}

{if none:}
None.

### Vuln PR Replies ({count_critical} critical, {count_aging} aging)
{for each VULN_REPLY sorted by age desc:}
- **[{CRITICAL|AGING|FRESH}]** `{repo}` ({age_days}d): {title} — {html_url}
  {if vuln-followup note found:} _{tracked note}_

{if none:}
None.

### Review Requested ({count})
{for each REVIEW_NEEDED item:}
- **{repo}**: {title} — {html_url}

{if none:}
None.

### Mentions ({count})
{for each MENTION item:}
- **{repo}**: {title} — {html_url}

{if none:}
None.

## No Action Needed
{count_general} general notifications (subscriptions, automated state changes).

7. Update MEMORY.md known follow-ups

Read memory/MEMORY.md. Find the ## Known Follow-ups section.

Add any VULN_REPLY CRITICAL item not already tracked there — append:

- **{repo} #{number} NEEDS-ANSWER** — {age_days}d since maintainer activity ({url})

Update any existing NEEDS-ANSWER item for a PR that now appears as FRESH in VULN_REPLY (maintainer responded recently) — change its note to RESPONDED — verify resolution.

Do NOT add GENERAL, REVIEW_NEEDED, MENTION, or SECURITY items to MEMORY.md Known Follow-ups (too noisy; security items warrant a separate issue if severe).

8. Send notification

Only send if at least one of:

  • Any SECURITY item
  • Any VULN_REPLY where urgency == CRITICAL
  • Any REVIEW_NEEDED item
  • Three or more MENTION items

Write to .pending-notify-temp/inbox-triage-${today}.md:

inbox — {today}

{if SECURITY:}
security alert: {repo} — {title}

{if VULN_REPLY CRITICAL:}
vuln PRs aging: {comma-separated list of "repo (Nd)"}

{if REVIEW_NEEDED:}
review needed: {comma-separated repo list}

{if 3+ MENTION:}
{N} mentions

read it: memory/topics/inbox-triage.md

Then:

./notify -f .pending-notify-temp/inbox-triage-${today}.md

If nothing meets the threshold: skip notification. Log that no notification was sent.

9. Log

Append to memory/logs/${today}.md:

## Inbox Triage
- **Scanned:** {N} notifications
- **Security:** {N}
- **Vuln replies:** {N total} ({N_critical} critical, {N_aging} aging, {N_fresh} fresh)
- **Review needed:** {N}
- **Mentions:** {N}
- **MEMORY.md follow-ups updated:** {yes/no — what changed}
- **Notification sent:** {yes/no}
- INBOX_TRIAGE_OK

If skipped:

## Inbox Triage
- INBOX_TRIAGE_SKIP: {reason}

Required Env Vars

None beyond GITHUB_TOKEN, which GitHub Actions sets automatically and gh uses internally.

Sandbox Note

Uses gh api for all GitHub calls — no curl, no env var expansion in headers. gh api works in the GitHub Actions sandbox. If gh api /notifications fails (rate limit, auth error), log the error and exit with INBOX_TRIAGE_SKIP: api error. Use WebFetch as a fallback only if gh is unavailable — the endpoint is https://api.github.com/notifications with Authorization: Bearer $GITHUB_TOKEN but that won't work in sandbox; prefer gh.

What this is NOT

  • Not a duplicate of followup-patrol — followup-patrol reads manually curated items in MEMORY.md. This reads the raw GitHub inbox.
  • Not a duplicate of vuln-tracker — vuln-tracker tracks lifecycle by branch name. This catches inbound maintainer replies via notifications.
  • Not a duplicate of disclosure-tracker — disclosure-tracker manages memory/pending-disclosures/ advisory drafts. This reads GitHub security alerts and PR responses.

Version History

  • fb16753 Current 2026-07-05 12:06

Same Skill Collection

skills/action-converter/SKILL.md
skills/article/SKILL.md
skills/auto-merge/SKILL.md
skills/auto-workflow/SKILL.md
skills/autoresearch/SKILL.md
skills/bd-radar/SKILL.md
skills/changelog/SKILL.md
skills/code-health/SKILL.md
skills/cost-report/SKILL.md
skills/create-skill/SKILL.md
skills/ctrl/SKILL.md
skills/defi-overview/SKILL.md
skills/deploy-prototype/SKILL.md
skills/digest/SKILL.md
skills/distribute-tokens/SKILL.md
skills/ecosystem-pulse/SKILL.md
skills/fear-divergence/SKILL.md
skills/feature/SKILL.md
skills/fetch-tweets/SKILL.md
skills/fleet-control/SKILL.md
skills/fork-fleet/SKILL.md
skills/github-monitor/SKILL.md
skills/github-trending/SKILL.md
skills/heartbeat/SKILL.md
skills/idea-forge/SKILL.md
skills/idea-pipeline/SKILL.md
skills/install-skill/SKILL.md
skills/investigation-report/SKILL.md
skills/issue-triage/SKILL.md
skills/last30/SKILL.md
skills/memory-flush/SKILL.md
skills/mention-radar/SKILL.md
skills/monitor-polymarket/SKILL.md
skills/narrative-convergence/SKILL.md
skills/narrative-tracker/SKILL.md
skills/okf-export/SKILL.md
skills/okf-ingest/SKILL.md
skills/onchain-monitor/SKILL.md
skills/operator-scorecard/SKILL.md
skills/picks-tracker/SKILL.md
skills/pm-manipulation/SKILL.md
skills/pm-pulse/SKILL.md
skills/pr-review/SKILL.md
skills/pr-triage/SKILL.md
skills/price-alert/SKILL.md
skills/reply-maker/SKILL.md
skills/repo-scanner/SKILL.md
skills/schedule-ads/SKILL.md
skills/search-skill/SKILL.md
skills/self-improve/SKILL.md
skills/send-email/SKILL.md
skills/skill-health/SKILL.md
skills/skill-repair/SKILL.md
skills/soul-builder/SKILL.md
skills/spawn-instance/SKILL.md
skills/strategy-builder/SKILL.md
skills/token-movers/SKILL.md
skills/token-pick/SKILL.md
skills/treasury-info/SKILL.md
skills/tx-explain/SKILL.md
skills/unlock-monitor/SKILL.md
skills/verdikta-hunter/SKILL.md
skills/vuln-scanner/SKILL.md
skills/vuln-tracker/SKILL.md
skills/workflow-audit/SKILL.md
skills/write-tweet/SKILL.md
skills/x402-monitor/SKILL.md
skills/base-mcp/SKILL.md
skills/star-milestone/SKILL.md

Metadata

Files
0
Version
fb16753
Hash
a2761de9
Indexed
2026-07-05 12:06

Accueil - Wiki
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-09 02:43
浙ICP备14020137号-1 $Carte des visiteurs$